What kind of safeguards does your practice use to protect patients' information from unauthorized use or access? The Health Insurance Portability and Accountability Act (HIPAA) dictates that all covered entities must implement a combination of technical, administrative and physical safeguards. Because the wording used in HIPAA Rules is somewhat general – for the purpose of allowing expansion at a later date – many covered entities are confused regarding which safeguards are right for their practice. In today's blog post, we're going to take a closer look at some of the most common and effective technical safeguards.
What is a Technical Safeguard?
A technical safeguard – when speaking in the context of HIPAA – is any technical measure that's used to prevent unauthorized access of Protected Health Information (PHI). While physical safeguards consist of tangible objects and measures, technical safeguards are intangible and cannot be felt.
Why Technical Safeguards are Important
Implementing technical safeguards is critical for all healthcare providers and covered entities. For starters, the HHS requires it as part of HIPAA. Failure to do so could result in fines, citations or other penalties. Fines related to HIPAA violations are rare, but they do occur. We've even blogged about a few of them here.
But the real reason why there's such an emphasis placed on technical safeguards pertains to the growing trend of Information Technology. More and more doctors and hospitals are adopting computer systems to perform their normal operations. Instead of storing patient files in physical manila folders, for instance, they are storing them either locally on a hard drive or remotely in the cloud. Technical safeguards are used to ensure any PHI stored on such devices is secure and protected from unauthorized use.
“Technical safeguards are becoming increasingly more important due to technology advancements in the health care industry. As technology improves, new security challenges emerge,” wrote the Department of Health and Human Services (HHS).
List of Common Technical Safeguards
- Data encryption
- Virus scanner
- Remote data wipe function
- Disk defragmentation
These are just a few of the many technical safeguards that covered entities should consider using. Again, the HHS doesn't specifically state that doctors or other covered entities have to use any of the aforementioned safeguards; it simply says they should use meaningful and appropriate technical safeguards.