If you keep up with our blog, you're probably well aware of the importance of maintaining a HIPAA-compliant healthcare practice. Originally signed into effect in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a set of laws that doctors, hospitals, chiropractors, dentists, and other “covered entities” must follow with regard to patient privacy. Among the requirements set forth by HIPAA are technical safeguards, which we're going to discuss further in today's post.
Physical vs Technical Safeguards
The Department of Health and Human Services (HHS) requires covered entities to implement meaningful, appropriate PHYSICAL as well as TECHNICAL safeguards to prevent the unauthorized access and/or disclosure of Protected Health Information (PHI). Physical safeguards consist of tangible measures taken to secure PHI, with some common examples being locked doors, locked file cabinets, and privacy screen protectors. Technical safeguards differ in the sense that they are intangible and cannot be felt.
Unique User Identification
The HHS requires all covered entities to use a unique user identification system. In other words, the computer system/network must be set up in a manner that requires staff members to log in using their own unique ID. If a breach ever occurs – and it's in some way related to a specific user – the healthcare practice will have an easier time determining what happened and how to prevent it.
Of course, another technical safeguard that shouldn't be overlooked is data encryption. Transmitting PHI that's not encrypted is just asking for trouble, as anyone can intercept and read it. While the HHS doesn't specifically say that encryption is a requirement of HIPAA, it's still a good idea to use it.
Firewalls and Virus Scanners
What type of software does your healthcare practice have in place to prevent unauthorized access of PHI? At the bare minimum, you should be using a firewall and virus scanner, although keep in mind that the effectiveness of software such as this depends heavily on whether or not it is kept updated. When a new version is released, your healthcare practice must implement it immediately. Failure to do so could leave gaps in your system that can be exploited by hackers and other individuals with nefarious intent.