HIPAA violations due to non-compliance with network cabling standards

Please wait while you are redirected...or Click Here if you do not want to wait.

It is a fact that Information Technology professionals are being asked to provide more capabilities than ever before, on smaller budgets and with fewer people. Internet Protocol (IP) convergence has enabled voice, data, video, building automation and security to be provided over a single network infrastructure.

 

Research shows that half of all network problems arise from issues in the physical infrastructure. Yet the physical infrastructure is largely overlooked. Developers are slowly embracing the idea of technology infrastructure as an integral part of building design, a practice that is routine in some parts of the world but still an after-thought in many construction projects today. I embrace the challenge of educating Architects, Building Owners, Information Technology Managers and Facilities Managers about the importance of including in the early stages of planning and design, the coordination of this infrastructure and setting the guidelines for commissioning to ensure that the client’s needs are met. As a member of architectural design teams, working with healthcare organizations during the past two years, I saw the challenges of the IT Professionals and when I mentioned looking at automating and managing the infrastructure, staff resistance, and no funding for changes or adopting automation surfaced as the top reasons for not considering this approach.

Now, more than ever, to meet the demands of communications, life-safety and building automation, the cabling infrastructure is truly an important system utility within the building. We are rapidly reaching the point where most every medical device today is built on electronics, in one form or another. In recent years, several factors have forced the healthcare industry to move towards the use of computer networking and the development of electronic health (ehealth) strategies to improve the efficiency of their operations. The healthcare industry is, at its core, a complicated information-management industry with a number of challenges, but let’s narrow them down to reliability, security and manageability. Risk assessment is tailored to the covered entity-its size, complexity and capabilities. In addition, risk and cost are both taken under consideration when determining whether an “addressable” standard applies or how to best meet a “required” standard. Along with “required” Administrative safeguards which focus on workforce training and contingency planning, “Physical safeguards,” are concerned with access both to the physical structures of a covered entity and its electronic equipment.

“Required” technical safeguards include but are not limited to:

– Establishing policies limiting software program access to only those with authorized access.
– Activity logs (“audit logs”) of all systems that contain electronic protected health information (ePHI) must be maintained.
– Policies to protect ePHI from alteration and destruction must be established and must be maintained.
– Procedures as required to verify the identity of those seeking access to ePHI.
– Transmission of ePHI over a network must be protected by technical security policies.

Encryption is an “addressable” standard.

Behind every security compliance measure is a documentation requirement. Failure to comply with HIPAA can result in civil and criminal penalties. Documentation is a major part of the
compliance challenge and with managed infrastructure solutions the audit documentation would easily include the physical layer.

There are some common threads among the managed infrastructure solutions available from major telecommunications cabling and connectivity manufacturers. For the purpose of this article, I reviewed the product documentation and spoke with the technical representatives from six of the major connectivity manufacturers.

As IT networking serves as a nerve center for successful facilities management, control, and patient care, the physical infrastructure provides the foundation that supports medical advances and patient services. With managed and automated infrastructure solutions, your physical layer does more than provide a reliable, high performance communications foundation. It gives you the vision and knowledge you need to be in control. This type of automation mitigates the impact of IT operational complexity and results in significant cost savings. Through process automation and product integration, it also delivers efficiency gains for IT staff, so they may spend more time on more strategic or innovative projects.

These intelligent managed infrastructure solutions are more than just hardware. They are comprehensive, fully-supported solutions that give you control of your physical infrastructure.

These systems show in real-time, all connections on the physical channel from the switch to the work area device regardless of whether powered on or off. The intelligent infrastructure immediately senses when there is a physical change in the channel and what specific devices are affected by the change while pinpointing the exact location of the device on a building map. Following an earthquake or other disaster, it would be great to know instantly if patient monitoring or life supporting equipment was affected.

Reporting of network status is made easier than ever with a variety of report templates, definable reporting parameters, and the ability to view reports on the screen or export report files in PDF, Microsoft Word, and Microsoft Excel formats. Integrating supplemental software is suggested by most Intelligent Infrastructure Solutions providers. It provides accelerated disaster recovery and additional insight that verifies the continuity of the horizontal cable to the work area outlet, detects broken connections or disconnects and identifies faults in the transmission room.

The day to day compliance documentation is enhanced by simplified work order management and process flow, plus work order verification. Maps and floor plans are provided to turn new and comprehensive physical layer data into valuable information. Some of the key benefits include enhanced network security, proactive management of potential threats, instant threat identification, improved asset management and the detailed records of technician involvement drives accountability and compliance to audit logs.

In reviewing several companies that provide software solutions that can simplify the automation process, most impressive is a company providing a solution that deploys quickly, discloses the information including how to fix the problem. This is presented in a useful, plain-English format and does not require the programming and configuration of traditional network management software.

Intelligent infrastructure solutions provide several benefits such as problem prevention by insuring that all network devices and links are healthy and won’t incur any problems. Equally of importance is faster more efficient trouble resolution as it discloses exactly when, where, and why network problems occur. It automates highly manual processes which assist both IT
operations and IT service management teams in delivering IT services.

There is no room for error or downtime in the healthcare industry, regardless of the cause. Adopting a proactive approach to problem solving with the use of these solutions can only benefit both network administrators and patients alike.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *