Healthcare security breaches aren’t slowing down. By mid-2017, nearly half of surveyed healthcare providers and health plans reported that they experienced a HIPAA violation or cyberattack, up 10 percentage points from 2015.
While every covered entity and business associate should know by now that they need to be HIPAA compliant when handling, transmitting or storing Personal Health Information (PHI), that is often easier said than done. Some of the biggest challenges are tech-based, some are rooted in human nature and some are the result of changing workforce trends and preferences, but many can be directly addressed and mitigated by adopting virtual desktops.
Good security training is important to minimize human error, but people are fallible and lessons learned in training aren’t always retained months down the road. To combat this, organizations that handle PHI should have strong security measures in place that control user behavior and protect data.
Implement security controls on a use-case basis to ensure no users have more permissions than necessary. When dealing with PHI, prohibiting actions such as copy/paste, printing, screen capture and external saving is particularly important unless they are strictly necessary to perform the job. With these functions locked down, end users will have a harder time maliciously stealing information or accidentally causing a breach (either without knowing it or by taking a shortcut to make work easier).
How Virtual Desktops Help
Virtual desktops make it easy to implement and update security and controls across users – regardless of where they’re located. When controls need to be updated, IT doesn’t need to touch each endpoint individually. Instead, the changes are made to the virtual desktop Golden Image and automatically pushed to each desktop from that image. Some virtual desktop solutions also feature automated vulnerability patching, making it even easier for IT teams to manage risk. By making it easier to always keep tight controls in place, HIPAA compliant organizations can take technical steps to mitigate human behavior risk.
Lost and stolen devices remain a major source of compliance breaches for healthcare organizations. In healthcare, 21% of data breach incidents were the result of a lost or stolen laptop containing unencrypted PHI. In one notable case, a laptop containing PHI stolen from an employee’s car eventually led to a $2.5 million settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. While encrypting sensitive data is important, organizations that handle PHI should go further to prevent a breach if a device is lost or stolen.
How Virtual Desktops Help
With virtual desktops, data is never stored on the endpoint. Since employees access, work with and save data via a desktop image (with the data being saved to a datacenter rather than the local machine), there is no protected information on the device itself. This means that in the case of loss or theft no information is improperly exposed.
Mobility is a growing trend within healthcare as it enables providers to be more productive. More than 75% of HealthITSecurity.com readers said that using mobile technology (such as a smartphone or tablet) is important or very important to their practice. But the more devices that access PHI, the more at risk that information is. The nature of mobile devices, which are often employee-owned, increases that risk as the devices are easier to lose (or have stolen) and may be used for personal reasons as well, increasing the chances of accidental exposure of protected information.
How Virtual Desktops Help
Virtual desktops can be accessed from any internet-enabled device, including mobile phones and tablets. By implementing virtual desktops, organizations can ensure that their security and compliance controls remain in place regardless of what endpoint users are accessing the desktop from. It also keeps data off the endpoint, mitigating the risk from loss or theft.
Organizations that handle, transmit, store or access PHI regularly report difficulty preparing for HIPAA audits. Preparing for an audit often means having in-house compliance experts and requires ample time to collect and document the pertinent information. The technical safeguards aspect of audits is the most challenging, according to 43% of organizations.
How Virtual Desktops Help
Virtual desktops alone don’t necessarily help with HIPAA compliance unless they were designed, built and maintained to meet those particular compliance standards. However, desktop-as-a-service (DaaS) providers that offer a HIPAA compliant solution can help organizations be much more prepared for audits.
Not only does the DaaS provider cover a portion of the technical requirements for compliance, but a reputable provider will have its solution independently audited and verified annually to ensure sustained compliance. The result of this annual audit is an up-to-date Attestation of Compliance that your organization can use to more easily complete required audits.