Embracing HIPAA Security at Home and at Work

May 2022

We certainly live in interesting times. I mean, my mother that is 87 years old, received a tablet for her Christmas present. My three-year-old grandson uses his mother's cell phone as a computer to play and watch his videos. Even I have been affected by having remote an application to control the temperature of my pool's temperature and spa. I mean, we are talking about smart homes, and we seem to have an app or device for just about every activity in the house. But do you know what all these new apps and gadgets have in common? They all use the Internet and your network to connect.

In principle, there is no issue with this as it is your own network, and you can do whatever you want with it. On the other hand, when was the last time that you checked your firewall, antivirus, or security updates on the same? Phones normally are different as they may be encrypted, and the major companies are publishing updates on a frequent basis, but what about the other devices and apps?

In fact, in January 2018, the first smart toy privacy case was brought to court. As a result of the findings of the case, the following year, the Federal Trade Commission (FTC) published a warning regarding the dangers of smart toys. One of the issues pointed dealt with the lack of security and the ability of these toys to record voice and visual data. Another topic covered referred to the areas manufacturers should focus on to minimize their security and privacy vulnerabilities.

I'm not a manufacturer, so I have to think about my loved ones and me. Also, I don't have a lot of resources, so I have to be smart about how to tackle this problem. So, the first thing I decided to do was to identify the problem. What devices or apps do I use, what are their vulnerabilities, and what can I do to minimize my exposure? The next step dealt with what information was exposed and what specific activities needed to take place for me to feel secure.

In simple terms, I needed to conduct a vulnerability study of my devices and network. I also needed to identify and secure my electronic information. Finally, I had to establish procedures to protect and keep that protection while enjoying the use of my devices and the benefits of interconnectivity. In case you still don't get it, this refers to HIPAA Security, ePHI, and a Security Risk Analysis (SRA).

In summary, it is ok to embrace technology, but in order to ensure you minimize the potential of becoming a cybercrime victim, you need to think in terms of security. For me, this means embracing HIPAA Security at home and at work. What about you?