In 1996, the U.S. Congress passed the Health Insurance Portability and Accountability Act, also known as HIPAA. The law is designed to protect patient privacy by setting out how hospitals, medical providers, and other healthcare organizations must control the use and disclosure of patients’ medical records. Medical organizations are monitored for compliance with HIPAA regulations by the U.S. Department of Health and Human Services (DHHS).
Why It is Important to Review Your Plan
The HIPAA Security Rule specifically requires medical organizations that collect, retain, and transfer patient medical records and data to perform a risk analysis and to routinely review the processes and technologies designed to keep those records safe. If you want to stay HIPAA compliant, an up-to-date HIPAA security plan and analysis is a must.
DHHS regularly conducts audits of medical organizations to review a provider’s HIPAA compliance. For example, an auditor may want to review a hospital’s security because the various clinics affiliated with the hospital also access its patient records.
If, for example, a patient’s paperwork is not promptly entered into a secure data system, it could be lost or inadvertently shared with others. These are exactly the kinds of HIPAA violations an audit looks for, and they are what gets reported when a breach occurs.
By creating an internal HIPAA security analysis plan, you can identify areas that pose potential HIPAA compliance issues ahead of time, which gives you the chance to take corrective measures before these flagged items become real problems.
Technology Gap Analysis
We recommend that a technology gap analysis be done as part of any HIPAA security analysis or review update. A technology gap analysis examines a provider’s current security infrastructure and compares it against the safeguards the regulations require, so that each shortfall is documented and assigned a remediation. This is essential if a medical practice wants to be sure its current security infrastructure meets all applicable HIPAA regulatory requirements.
With Windows 7 End of Life coming in just a few months, it is critical that a medical practice update its HIPAA security analysis and conduct a technology gap analysis now. An operating system that no longer receives security updates is an unpatched vulnerability on every workstation that touches PHI, and that is precisely the kind of gap such an analysis is meant to surface. Stat!
Can Your Office Run a HIPAA Compliant IT Department?
Think about it: how much of a task is it to remind employees to log off their computers when they are not using them and to change their passwords monthly? How many of your staff actually comply? Do you actually check? HIPAA compliance requires far more than this. Most medical offices, big or small, either lack the in-house capability or work with vendors that lack the expertise to identify vulnerabilities and monitor irregular electronic activity that could threaten the practice.
You Need Expertise where It Counts
Most IT companies do not have the training, expertise, or authorization to handle PHI records, and many do not even want to get involved with them, let alone develop a plan that reflects real hands-on expertise. You need to work with an IT solutions provider that will not only develop and implement a plan for HIPAA compliance but will also provide appropriate staff training and technical support. For more information and a no-obligation Security Analysis Review, click here.
I’m currently a junior at Rutgers University, majoring in Human Resources with a minor in Music. My love for music has already led me to an associate’s degree in Music from Raritan Valley Community College.