How HIPAA Security Policies Affect Corporate E-mail Systems

Written by CipherTrust

Although considered by many to be the sole concern of health care providers, the Health Insurance Portability and Accountability Act (HIPAA) affects nearly all companies that regularly transmit or store employee health insurance information. HIPAA was signed into law in 1996, and its original purpose was to protect employee health and insurance information when workers changed or lost their jobs. As use of the internet became more widespread in the mid-1990s, HIPAA requirements overlapped with the digital revolution and offered direction to organizations needing to exchange healthcare information. HIPAA regulations apply to any establishment that exchanges individually identifiable healthcare information.

Collaboration between healthcare professionals, their colleagues, their patients, and employers has grown progressively more digital, and e-mail has played an ever-increasing role in this communication. In the process of this development, the need for information security and privacy has created an impediment to widespread adoption.

In addition to the usual concerns about privacy and security of e-mail correspondence, even organizations that are not in the healthcare industry must now consider the regulatory compliance requirements associated with HIPAA. The Administrative Simplification section of HIPAA, which, among other things, mandates privacy and security of Protected Health Information (PHI), has sparked concern about how e-mail containing PHI should be treated in the corporate setting. HIPAA, as it relates to e-mail security, is an enforcement of otherwise well-known best practices that include:

  • Ensuring that e-mail messages containing PHI are kept secure when transmitted over an unprotected link
  • Ensuring that e-mail systems and users are properly authenticated so that PHI does not get into the wrong hands
  • Protecting e-mail servers and message stores where PHI may exist

Organizations regulated by HIPAA must comply and put these practices in place. However, the need to comply with regulations puts particular pressure on the healthcare industry to enhance their use of technology and “catch up” with other industries of similar size and scope.
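
One way a gateway could enforce the first practice above, shown as an added example that is not part of the original article: it undoes each text part's transfer encoding before scanning, then holds PHI-bearing mail when the outbound link is not encrypted. The patterns, the sample messages, and the `link_is_encrypted` flag (assumed to be supplied by the mail server) are constructed for illustration.

```python
import re
from email.message import EmailMessage, Message

# Constructed patterns for illustration only; a production PHI policy
# needs a reviewed dictionary of identifiers.
PHI_PATTERNS = {
    "member_id": re.compile(r"\b(?:member id|policy number|mrn)\s*[:#]\s*\d{6,12}\b", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def text_parts(msg: Message):
    """Yield the subject and every text/* part with its transfer encoding undone."""
    yield msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            yield raw.decode(part.get_content_charset() or "utf-8", errors="replace")

def outbound_decision(msg: Message, link_is_encrypted: bool):
    """Return (action, matched pattern names) for one outbound message."""
    hits = sorted({name for text in text_parts(msg)
                   for name, rx in PHI_PATTERNS.items() if rx.search(text)})
    if hits and not link_is_encrypted:
        return "hold-for-encryption", hits
    return "deliver", hits

def sample(body: str, cte: str = "7bit") -> EmailMessage:
    """Build a constructed test message (addresses and content are made up)."""
    m = EmailMessage()
    m["From"] = "benefits@example.com"
    m["To"] = "claims@example.net"
    m["Subject"] = "Enrollment update"
    m.set_content(body, cte=cte)
    return m

if __name__ == "__main__":
    encoded = sample("Employee SSN 000-12-3456", cte="base64")
    # The identifier is invisible to a scan of the raw message text...
    print("000-12-3456" in encoded.as_string())
    # ...but is found once the part is decoded.
    print(outbound_decision(encoded, link_is_encrypted=False))
    print(outbound_decision(encoded, link_is_encrypted=True))
    print(outbound_decision(sample("Lunch at noon?"), link_is_encrypted=False))
```

The base64 case is the one to watch: a filter that searches the raw message bytes never sees the identifier, so the scan has to run on decoded parts.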

The privacy protection provisions in HIPAA pose a major compliance challenge for the healthcare industry. These provisions are intended to protect patients from disclosure of any of their individually identifiable health information. Organizations that fail to protect this information face fines ranging from $10,000 to $25,000 for each instance of unauthorized disclosure. If the disclosure is found to be intentional, HIPAA provides for fines ranging from $100,000 to $250,000 and possible jail time for individuals involved in the violations.

Secure Your E-mail Systems - Protecting Against Port 25 Vulnerabilities

Written by CipherTrust

It goes without saying that e-mail plays a critical role in any organization. This relatively new communication technology has, by many accounts, replaced the telephone as the most useful business tool available. Unfortunately, e-mail has also been a victim of its own success and presents a unique threat to the enterprise network as a whole.

Protecting networks from viruses and hackers has traditionally been the responsibility of the Firewalls, Virus Scanners, and Intrusion Detection Systems (IDS) set up by enterprises as a defense against the myriad attacks they come under each day. Virus scanners scan each PC in the network, gateway servers are guarded against attempts to gain access by locking down extraneous ports, and firewalls prevent unauthorized programs from accessing the network. All these measures prevent direct attacks against the network on every port except port 25 and port 110 – the ports used by SMTP (Simple Mail Transfer Protocol) and POP (Post Office Protocol) to transmit e-mail from one server to another.

Ports are the openings in the operating system through which applications connect to each other. When a firewall receives an e-mail connection on port 25, it generally assumes that the transmission is e-mail and allows it to flow through to the e-mail server. The transmission may be a valid e-mail, it could be a virus or a spam, or it could be a job offer for an employee or something much worse. Regardless of the true intent of the “e-mail”, at this point it is incumbent upon various systems within the network to guard against these threats. Unfortunately, experience has taught us that partial success in these areas is the norm, not the exception.

Stop E-mail Threats at The Gateway

The best place to stop a threat is before it gets inside the network. Virus scanners are only as good as their latest update, and are virtually useless against new viruses that have yet to be identified. If a user does not update his virus definition list, then his machine will be infected. A pornographic spam will offend an employee when it slips through the spam filter, and the job offer from the competitor won’t go away once the recipient has printed it out on her printer. The best way to prevent these malicious attacks is to stop them before they become a problem – at the gateway.

Stopping spam and other malicious e-mail traffic at the gateway requires a coordinated effort to solve a whole host of issues. These include, but are certainly not limited to, spam, viruses, corporate policy infringements, directory harvest attacks, denial of service attacks, phishing, spoofing, and snooping. Furthermore, accuracy in identifying spam e-mails is crucial. It is much better to receive the occasional spam than accidentally filter out an important e-mail from a customer.

© 2005