HIPAA and YOU

Posted 27 June, 2007 in education

The Administrative Simplification (AS) provisions of Title II of HIPAA (pronounced “Hip-Uh”) are to the medical community what Sarbanes-Oxley is to the financial world; in a sentence, HIPAA sets national privacy and security standards for protected health information and penalties for non-compliance.

HIPAA Security Rule overview (what a covered entity must do):

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required.
  • Ensure compliance by the workforce.

What does this all mean to you? Well, before signing up, you should ask your hosted EHR provider some tough questions, such as:

  1. Are their backups encrypted, and who holds the keys?
  2. What physical access controls protect the servers?
  3. Do they maintain both read and write access logs at the database level, not just in the application?
  4. Is credit card information encrypted?
  5. Are passwords salted and one-way hashed, never stored or logged in the clear?
  6. Is SSL/TLS used to encrypt all data in transit?
  7. Do user passwords expire?
  8. When employees leave, how quickly is their access revoked?
  9. Is data ever stored on non-company computers?
  10. If data is transported physically, is it encrypted?
  11. Do workstations auto-lock when employees step away?
  12. How is media disposed of when it is retired?
  13. What server operating system is used, and how is it patched and hardened?
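Question 5 deserves a follow-up, because “one-way hashed” on its own is not enough: an unsalted fast hash lets anyone who steals the table match it against precomputed lists and see which users share a password. The example below is added here and is not code from the original post or from any vendor; it assumes PBKDF2-HMAC-SHA256 with a random per-user salt and an iteration count, and the record layout `pbkdf2_sha256$<iterations>$<salt>$<hash>` is our own convention. It shows what a good answer looks like next to the weak one.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption (not from the original post): PBKDF2-HMAC-SHA256, a random
# 16-byte salt per password, and an iteration count high enough to slow
# offline guessing. The record format below is our own convention.
ITERATIONS = 200_000
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record that carries its own salt and cost."""
    if salt is None:
        salt = os.urandom(16)          # fresh salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute using the salt and cost stored in the record, then compare
    in constant time so a timing difference does not leak how many bytes match."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False                   # malformed record: refuse, do not crash
    if algo != ALGORITHM or iterations < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return hmac.compare_digest(digest.hex(), hash_hex)


def unsalted_md5(password: str) -> str:
    """What "one-way hashed" too often means in practice. Same input always
    gives the same output, so identical passwords are linkable across users
    and a precomputed table cracks them all at once."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def same_password_linkable(password: str, hasher) -> bool:
    """True if two users with the same password get identical stored values."""
    return hasher(password) == hasher(password)


if __name__ == "__main__":
    # Constructed sample credentials, not real data.
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("wrong pw :", verify_password("wrong", record))
    print("salted hashes linkable:", same_password_linkable("hunter2", hash_password))
    print("md5 hashes linkable   :", same_password_linkable("hunter2", unsalted_md5))
```

When a vendor says passwords are hashed, ask which algorithm, whether each hash has its own salt, and whether the cost factor can be raised later; a record that carries its own parameters, as above, is what makes that upgrade possible without a forced reset.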

Also, be sure to review their Data Backup Plan, Disaster Recovery Plan and Business Continuity Plan.

Here’s a sample HIPAA Security Checklist, and here’s yet another HIPAA Security Checklist.

3 comments to “HIPAA and YOU”

healthTech.accordingtome.com » Healthcare IT Alphabet Soup -- Descrambled!, June 29th, 2007 at 6:31 pm:

  • […] HIPAA (Health Insurance Portability and Accountability Act): provides national healthcare privacy standards. It’s another reason why outsourcing your EMR system is a good idea. […]

healthTech.accordingtome.com » HIPAA-- it's got teeth now, July 7th, 2007 at 10:04 pm:

  • […] audits and levied penalties), laws are essentially meaningless. In an effort to prove that the HIPAA regulations were meant to be both read and obeyed, the Department of Health and Human Services (HHS) has begun […]

healthTech.accordingtome.com » How good is your hospital? (JCAHO CMS to the rescue!), July 10th, 2007 at 6:00 pm:

  • […] talked before about the importance of universal metrics: IT security metrics (see: HIPAA intro and HIPAA enforcement) and EHR functionality. Well, now that you have patient encounter data safely […]
