• Home
  • Blog
  • Contact
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceHIPAA Compliance
  • Home
  • Blog
  • Contact
five steps to HIPAA compliance

Five Steps to HIPAA Security Compliance

October 16, 2013 HIPAA Law 2 Comments
The health insurance portability and accountability act has set various guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing and sharing any electronic medical data to keep patient data secure . Lack of compliance to the HIPAA security standards could lead to large fines and in extreme cases even loss of medical licenses. Several steps can be followed by medical practices to ensure compliance to HIPAA standards. These steps include:
Run a complete risk assessment of the medical practice
Some medical practices adopted electronic health recording systems before there were clear guidelines on what these systems should contain. This means that a medical practice could be using electronic systems which are not compliant with HIPAA standards. To ensure HIPAA compliance a risk assessment should be done on the current systems using HIPAA standards and guidelines to highlight areas in which compliance is not enforced. A risk assessment against HIPAA guidelines exposes areas in which changes are needed.
Prepare for disaster before it occurs
All the data handled by a medical practice should be safe both from loss and corruption. One of the main ways of ensuring that data is not lost in case of any mishaps is backing up of medical data regularly. Data should be backed up in an offsite location such that in case of incidents such as fires in the medical premises the data backup is not destroyed, as well. Antivirus programs should also be installed in all computers to ensure that data is not corrupted or destroyed by computer viruses.
Have an ongoing employee training program
Any system is only as strong as its weakest link and in most cases untrained employees are the weakest links in medical practices. A medical practice could have a very secure encryption system, but if the employees don’t use their passwords to securely access records and files the encryption system is rendered useless, and anyone can gain access to these records. Medical practices should continually train their staff on how to follow the right security protocols to ensure data integrity and security.
Buy medical products with security compliance and compatibility in mind
New equipment bought for a medical institution should be compatible with existing systems and should offer enough security features. Some medical equipment may offer enough security features but may be incompatible with existing systems or vice versa. Thus before making any major purchases enough review of the product should be done to ensure both security and compatibility.
Collaborate with affected parties
Changes which need to be made to bring about HIPAA compliance affect many people in the medical practice. Affected departments should be consulted when making changes to ensure all parties affected by the changes are happy with the changes.

The Health Insurance Portability and Accountability Act has set various guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing and sharing any electronic medical data to keep patient data secure . Lack of compliance to the HIPAA security standards could lead to large fines and in extreme cases even loss of medical licenses. Several steps can be followed by medical practices to ensure compliance to HIPAA standards. These steps include:

Run a complete risk assessment of the medical practice
Some medical practices adopted electronic health recording systems before there were clear guidelines on what these systems should contain. This means that a medical practice could be using electronic systems which are not compliant with HIPAA standards. To ensure HIPAA compliance a risk assessment should be done on the current systems using HIPAA standards and guidelines to highlight areas in which compliance is not enforced. A risk assessment against HIPAA guidelines exposes areas in which changes are needed.

Prepare for disaster before it occurs
All the data handled by a medical practice should be safe both from loss and corruption. One of the main ways of ensuring that data is not lost in case of any mishaps is backing up of medical data regularly. Data should be backed up in an offsite location such that in case of incidents such as fires in the medical premises the data backup is not destroyed, as well. Antivirus programs should also be installed in all computers to ensure that data is not corrupted or destroyed by computer viruses.

Have an ongoing employee training program
Any system is only as strong as its weakest link and in most cases untrained employees are the weakest links in medical practices. A medical practice could have a very secure encryption system, but if the employees don’t use their passwords to securely access records and files the encryption system is rendered useless, and anyone can gain access to these records. Medical practices should continually train their staff on how to follow the right security protocols to ensure data integrity and security.

Buy medical products with security compliance and compatibility in mind
New equipment bought for a medical institution should be compatible with existing systems and should offer enough security features. Some medical equipment may offer enough security features but may be incompatible with existing systems or vice-versa. Thus before making any major purchases enough review of the product should be done to ensure both security and compatibility.

Collaborate with affected parties
Changes which need to be made to bring about HIPAA compliance affect many people in the medical practice. Affected departments should be consulted when making changes to ensure all parties affected by the changes are happy with the changes.

Tags: American Recovery and Reinvestment ActHIPAAHIPAA Administrative SimplificationHITECH ActPrivacySecurity
2 Comments
Share
0

You also might be interested in

HHS Publishes Proposed Rule for Electronic Health Record Incentive Program

Jan 13, 2010

HHS published today in the Federal Register:  “Medicare and Medicaid[...]

Exploring HIPAA and HITECH Act Definitions: Part 8

Nov 19, 2009

From now through November, HIPAA.com is providing a run through[...]

Standards for Privacy of Individually Identifiable Health Information

Dec 28, 2000

STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION 45 CFR[...]

2 Comments

Leave your reply.
  • Stephanie Joy
    · Reply

    July 11, 2015 at 1:28 AM

    Hair testing collection company in Topeka Kansas gave my information to someone else without my consent. Also no licenses or certificates posted

  • Danielle Fountain
    · Reply

    August 22, 2016 at 3:40 PM

    what type of bin is HIPAA compliant for papers to wait until the Shred man comes?

Leave a Reply Cancel Reply

Categories

  • 5010
  • American Recovery and Reinvestment Act
  • Enforcement
  • GINA
  • Health Care Reform
  • Health IT and HITECH
  • HIPAA Law
  • Identifiers
  • Meaningful Use
  • Privacy
  • Red Flags Rules
  • Security
  • Transactions & Code Sets
  • Uncategorized

Recent Posts

  • Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices
  • HIPAA Breach: Who You Gonna Call?
  • Can I Be Sued for a HIPAA Violation?
  • Business Associate Agreements – a First Look at Indemnification
  • Gmail, Google Apps for Business HIPAA Business Associate Agreements

Archives

Contact Us

We're currently offline. Send us an email and we'll get back to you, asap.

Send Message
HIPAA- Health Insurance Portability Accountability Act

© 2023 · hipaa.com

Prev Next