HIPAA Compliance: How To Keep Your Practice Compliant


Managing and running a business in the healthcare sector means protecting patients' health information, as mandated by the federal Health Insurance Portability and Accountability Act (HIPAA). How can healthcare providers avoid potential problems and comply with the law?

HIPAA was passed in 1996 and, 24 years later, is still going strong and evolving. In 2016 a formal audit program debuted under the Health Information Technology for Economic and Clinical Health (HITECH) Act, making any HIPAA-regulated provider potentially subject to audits of its privacy, security, and breach notification protocols. Many healthcare providers may see the law as burdensome, complex, annoying, hard to understand, or even maddening, but it comes down to one thing that everyone can agree is important: protecting patients and their medical and personal information by:

  • Improving healthcare delivery efficiency by standardizing electronic data interchange and streamlining transactions
  • Protecting the confidentiality and security of personal health data by setting and enforcing data protection standards

The HIPAA Security Rule groups the required safeguards into three categories:

  • Technical safeguards: Controlling access with unique user identification (password policy, two-factor authentication), automatic logoff, encryption and decryption, and transmission security. Having procedures for verifying that a person or entity seeking access to protected health information is who they claim to be.
  • Administrative safeguards: Creating a written policy and assigning a security officer to enforce it. Keeping communication about patient information to a minimum, especially in public areas. Restricting use of social media in your office. Protecting records from improper alteration or destruction by distinguishing view-only from update access, deciding who may delete a patient file, and knowing your state's records-retention requirements.
  • Physical safeguards: Restricting physical access to desktop computers, laptops, servers, printers, copiers, smartphones, files, and other sensitive equipment or documents. Implementing access control and validation procedures for badges, keys, and key cards. Having a facility security plan to prevent unauthorized access, tampering, and theft.
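The technical and administrative safeguards above name controls without showing what they look like in an application. The following is an added example, not code from the original post or from CEO Computers: a small access-control layer that enforces unique user identification, verifies a person's identity before granting access, logs a session off automatically after an idle period, separates view-only from update access by role, and keeps an audit trail of every attempt. The user IDs, passwords, patient ID, role names, and the 10-minute idle timeout are constructed for the example; encryption at rest and transmission security (TLS) are assumed to be handled outside this code.

```python
"""Access-control layer illustrating HIPAA technical safeguards.
Added example; not from the original post. All identifiers are constructed."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Dict, List, Optional, Tuple

IDLE_TIMEOUT_SECONDS = 10 * 60  # constructed policy: automatic logoff after 10 idle minutes
PBKDF2_ROUNDS = 100_000          # constructed; raise in production


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256 so stored credentials are not reversible."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class AccessController:
    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock                                 # injectable for testing
        self._users: Dict[str, Tuple[bytes, bytes, str]] = {}   # user_id -> (salt, digest, role)
        self._sessions: Dict[str, Tuple[str, float]] = {}       # token -> (user_id, last activity)
        self.audit_log: List[Tuple[float, str, str, str]] = []  # (time, user, event, detail)

    def _audit(self, user_id: str, event: str, detail: str = "") -> None:
        self.audit_log.append((self._clock(), user_id, event, detail))

    def add_user(self, user_id: str, password: str, role: str) -> None:
        # Unique user identification: no shared or duplicated logins.
        if user_id in self._users:
            raise ValueError("user IDs must be unique")
        salt, digest = hash_password(password)
        self._users[user_id] = (salt, digest, role)

    def login(self, user_id: str, password: str) -> Optional[str]:
        """Person/entity authentication; returns a session token or None."""
        record = self._users.get(user_id)
        if record is None:
            self._audit(user_id, "login_failed", "unknown user")
            return None
        salt, digest, _ = record
        if not hmac.compare_digest(hash_password(password, salt)[1], digest):
            self._audit(user_id, "login_failed", "bad password")
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user_id, self._clock())
        self._audit(user_id, "login")
        return token

    def access_record(self, token: str, patient_id: str, mode: str) -> str:
        """mode is 'view' or 'update'; returns 'ok' or a denial reason."""
        session = self._sessions.get(token)
        if session is None:
            return "denied: no session"
        user_id, last_activity = session
        now = self._clock()
        if now - last_activity > IDLE_TIMEOUT_SECONDS:
            del self._sessions[token]                       # automatic logoff
            self._audit(user_id, "auto_logoff")
            return "denied: session expired"
        role = self._users[user_id][2]
        if mode == "update" and role != "clinician":       # view-only vs update access
            self._audit(user_id, "update_denied", patient_id)
            return "denied: read-only role"
        self._sessions[token] = (user_id, now)              # activity refreshes the idle timer
        self._audit(user_id, mode, patient_id)
        return "ok"


if __name__ == "__main__":
    ac = AccessController()
    ac.add_user("drsmith", "constructed-pw-1", "clinician")
    ac.add_user("frontdesk", "constructed-pw-2", "staff")
    tok = ac.login("frontdesk", "constructed-pw-2")
    print(ac.access_record(tok, "P-1001", "view"))     # ok
    print(ac.access_record(tok, "P-1001", "update"))   # denied: read-only role
    for entry in ac.audit_log:
        print(entry)
```

The clock is injected so the automatic-logoff path can be exercised without waiting ten minutes; in a real deployment the audit log would be written to append-only storage rather than kept in memory.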

It’s important to remember that HIPAA compliance isn’t a one-time event; it calls for continuous improvement and the ability to stay atop any changes in the law or regulations.

Annual or semi-annual training sessions are crucial to staying current, providing an opportunity to:

  • Roll out HIPAA updates, integrating them into your policies and protocols
  • Check in with team members regarding questions, challenges, and ideas related to compliance
  • Align your team with your practice's standard operating procedures

CEO Computers has been assisting local healthcare providers in the Los Angeles area with their IT and HIPAA compliance needs since 1988. Contact us at 818-501-2281 or visit us at www.ceocomputers.com if you require any assistance.
