What is HIPAA compliance? Having a thorough understanding of HIPAA compliance is imperative for any IT professional working in the healthcare sector. This factor is especially important as technology evolves, and more affected organizations utilize innovative tools like mobile devices and Health Information Exchanges.
But what is HIPAA compliance?
As this article explains, HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. A comprehensive IT plan for HIPAA compliance must include, training, review, and safeguards.
TRAINING:
For training to be effective, it must be current and thorough. Members of the medical and administrative staff need regular and comprehensive training to lessen the practice’s risk of exposure to data leaks and potential financially crippling HIPAA violation penalties.
REVIEWING:
As technology and regulation evolve, it is important to incorporate regular reviews of policy and procedure as it pertains to patient information and how that information is shared and stored.
SAFEGUARDING:
There are three basic areas to consider when developing safeguards; physical, administrative and technological.
1. Physical
Organizations covered by HIPAA must have physical measures in place to protect both traditional and digital data from unauthorized intrusion. These actions may include having a patient’s charts placed in areas where only authorized personnel have access, securing laptops with passwords and keeping them in safe locations and putting security cameras in those locations. Policy and procedure training must include instruction for proper use.
2. Administrative
Security controls have to be evaluated regularly from a risk management standpoint in the following administrative areas of your medical office:
- Assignment of responsibilities
- Workforce security
- Awareness and training
- Incident reporting protocols and periodic analysis
- Contingency planning
- Emergency data recovery planning
- Vendor access and control – confidentiality contracts
3. Technological
IT is the fastest evolving area of a practice today. Tech areas that need to be kept in compliance with HIPPA regulations are:
- Data encryption
- Data storage options
- Data disaster planning
- Data recovery planning
- Email filtering
- Web filtering
- Digital data sharing
- Risk analysis
Consequences of non-compliance
So now you know the answer to the question, “What is HIPAA compliance?”. Having a thorough understanding of the complicated requirements for HIPAA compliance also means that the penalties for violations are also understood. HIPAA violations and resulting lawsuits are soaring. The dollar amount of awards and settlements for HIPAA ITsecurity violations is currently at $20.3 million, (for the first eight months of 2016) that is an increase of 32% from 2105.