HIPAA TIP: Content Filtering

Content filtering is the use of a program to screen and/or restrict access to web pages or domains deemed objectionable or potentially malicious. Corporations use content filtering as part of their cyber defense strategy to help detect specific sources or types of content being accessed on the organization’s network. By preventing users’ access, it also helps restrict unwanted material from being delivered over the Internet via the Web or email.

Business-grade firewalls already possess the ability to perform content filtering, but the feature needs to be manually enabled and configured to the organization’s standards. Review a list of acceptable and unacceptable types of content with your IT team to ensure that sites that should not be viewed from a business device are blocked, such as Facebook, Instagram, and even LinkedIn, unless the organization utilizes these websites for business purposes. If necessary, exceptions to the policy can be created for specific users (or devices) that need to access otherwise restricted content.

Content filtering comes pre-configured with some suggested default categories to be restricted, such as porn sites, gun purchases, racially driven politics, or potential piracy or malware sites, to name a few. The more a healthcare organization can block on the Web, the less likely a man-in-the-middle attack is to occur. Keep all business devices locked down as much as possible from outside risks and threats, beginning with taking advantage of content filtering capabilities.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.