HIPAA Compliance

Is your medical office HIPAA compliant? Here are 8 HIPAA technical requirements you should address to avoid fines that could cost tens of thousands.

In recent years, there have been cases of data leaks, whether through innocent mistakes such as a lost notebook or through information leaking inside the office. Tighter IT security measures and policies can help prevent unauthorized access to medical data. We’ve compiled a list in line with the HIPAA and Omnibus technical requirements and regulations.

Review for HIPAA Compliance

  • Assigning unique usernames – This helps to identify and track individual users in medical office software containing patient health information.
  • Contingency procedures for accessing medical data in an emergency – A well-documented procedure that can appropriately guide any authorized staff member to access protected medical information.
  • Logging off idle sessions – This minimizes unnecessary user load on the system and prevents potential unauthorized access to unattended endpoints.
  • Encryption and decryption of data – Put an encryption and decryption process in place for accessing or externally sending any sensitive medical information.
  • Auditing systems – It’s strongly advised to run periodic audit controls on systems, including the software, hardware and procedures that use or hold confidential and sensitive medical information.
  • EPHI integrity – Prevent any alteration or destruction of protected medical information by implementing effective policies and clear procedures.
  • Authentication procedures – Verify that staff are who they say they are before granting them access to specific medical information.
  • Securing external transmissions of data – Implement current technical security processes to protect data from unauthorized access, especially when it is transmitted over any type of electronic communications network.

Next Steps

Now that you have a better idea of the HIPAA technical requirements within the IT portion of the HIPAA regulations, the next step is to take action and formulate your own policies and procedures.

Most changes in procedures can be delivered as onsite training for staff, which in our experience is very effective. You may have the best tools in the industry to protect data; however, what staff do within these procedures matters just as much. For example, staff may occasionally share usernames and passwords, or even write them down on a Post-It note and leave it on their desk, all of which are prone to social engineering compromises. Not only is this a risk in itself, it also makes it difficult to audit and trace any work or process carried out on endpoints.

For more ways to secure your medical office technology to ensure HIPAA compliance, contact your local IT professionals.