* “Engage your board of directors with the chief information security officer.”
* “Use as many layers of protection as you can. Yes, this means encryption–of data at rest and of backups….”
* “Make penetration and application vulnerability testing an ongoing priority. You can do this by incorporating these processes into operational analysis.”
* “Hire third parties to conduct your HIPAA risk assessment.”
* “Don’t use the cloud to store data from applications that require strict security standards. Store this data on company-owned storage.”
* “Follow Open Web Application Security Project (OWASP) standards if you develop applications.”
www.hospitalimpact.org/index.php/2015/02/11/8_best_practices_for_payer_data_security