How to Comply with HIPAA USB and External Storage Requirements

Securing Electronic protected health information (ePHI) is at the core of HIPAA security requirements. External storage devices such as USB thumb drives, flash cards, and CD/DVD drives expose hospitals and medical centers to data loss and large fines and lawsuits as of a result of HIPAA violations. 

HIPAA security requirements dictate that ePHI should be protected. This includes the requirement to block users from copying patient information to external storage devices, such as USB drives. If you have a computer or electronic medical device that has the ability to copy information to a USB storage device, that feature should be controlled.  

ThreatLocker Storage Control gives you the ability to control which USB drives, network attached storage devices, file servers,  card readers, CD/DVD drives or any other storage device can be used on your devices. Our solution can be deployed to your computers or medical devices and gives you the flexibility to create policies to permit or deny access. Access can be controlled by the user, device serial number, read/write/delete actions, path, application, or even the file type. 

This gives you the ability to make sure that only encrypted devices are being used, and employees are not copying data onto personal USB drives. 

HIPAA requirements go beyond just controlling if storage devices can be used, but also require that all ePHI is audited. With ThreatLocker Storage Control, all files that are accessed, changed, delete or copied to a storage device are recorded. This information is available for review in the case of a breach. 

To find out how ThreatLocker Storage Control can help with your HIPPA compliance by scheduling a free no obligation web demonstration.