What Is HIPAA?
HIPAA stands for the “Health Insurance Portability and Accountability Act”, which was passed into law in 1996. It was not until 2003, as deadlines for compliance became effective, that it became a real issue in healthcare-related industries. This act mandates that all patient information is secure. This includes both written and electronic formats.
There are three main areas that HIPAA addresses:
- Privacy & Security
- Unique Health Identifiers
- Administrative Simplification
HIPAA was put in place to ensure all patient information is recorded, stored, secured, and accessed with rules and processes that are universal.
IT & HIPAA
HIPAA requirements naturally involve and impact IT departments due to the migration from written to E-PHI (Electronic Patient Health Information) files, along with the storage and protection of these files. E-PHI files now need to be stored and protected in compliance with HIPAA.
Technical Safeguards include (HHS.gov):
- Access Control. A covered entity (establishment that must be in compliance with HIPAA) must implement technical policies and procedures that allow only authorized persons to access electronic protected health information.
- Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
- Integrity Controls. A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.
- Transmission Security. A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.
Who handles compliance and security?
HIPAA has caused a surge in the need for IT personnel, both on and off site. Many organizations that are subject to HIPAA requirements outsource some or all of the tasks required to implement procedures and maintain compliance to 3rd party IT services companies that specialize in HIPAA compliance and network security.
Two IT roles are typically involved in HIPAA compliance and security of E-PHI (certmag.com):
- Network Administration: needs to know how to secure the network and the existing infrastructure, monitor the firewall, and protect the network from intrusion.
- IT Manager: needs a more thorough understanding of how HIPAA affects their teams and existing infrastructure and systems. The IT manager needs to determine what is required to be compliant, how to implement the proper solutions, and manage deadlines associated with HIPAA.
Why Using a 3rd Party IT Company is the Right Choice:
Compliance and security of a network is a full-time job. Many organizations have IT staff, but may not have the ability or desire to handle this responsibility in its entirety.
Using an IT Company that specializes in data migration, storage, backup and disaster recovery, and security allows covered entities to:
1. Migrate data to E-PHI
2. Meet compliance policies
3. Have a secure network
4. Have personnel manage all processes and systems
Using a 3rd party makes sense fiscally, but the value of risk mitigation from this strategy may be even more important. Some of the benefits are:
- Minimize the possibility for conflicting interests and tunnel vision that in-house personnel may have
- Ensure you are going beyond the minimum requirements for compliance and security
- Ensure security solutions are being continually improved and updated and are reasonable and actionable
Using a 3rd party company to complete the audit and implement solutions will provide peace of mind when it comes to risk mitigation and the insight needed to meet HIPAA compliance in a cost-effective way.
Abtech Technologies offers best-in-class HIPAA compliance auditing and implementation in conjunction with data migration, data storage and security, cloud backup and disaster recovery, network operation center (NOC) services, and systems monitoring and maintenance for every covered entity.