HIPAA Compliance for Medical Practices
59.3K views | +1 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

HIPAA Compliance And Data Protection 

HIPAA Compliance And Data Protection  | HIPAA Compliance for Medical Practices | Scoop.it

Patient privacy has become a major topic of concern over the past couple of years. With the majority of patient information being transferred over to digital format, to improve the convenience, efficiency and cost of storing the data, organizations expose themselves to risks.

 

Virtually all healthcare organizations in the United States are affected by HIPAA standards. This act applies to any health care provider, health plan or clearinghouse that electronically maintains or transmits health information pertaining to patients. 

HIPAA was designed to reduce the administrative costs of healthcare, to promote the confidentiality and portability of patient records, to develop standards for consistency in the health care industry, and to provide incentive for electronic communications.  With these standards in place, organizations can better protect their systems and patients can feel confident that their personal medical information will remain private.

 

Without exception, all healthcare providers and organizations must have data security standards in place according to the Standards for the Security of Electronic Protected Health Information rules (the “Security Rule”) of HIPAA. The Security Rule requires health care providers to put in place certain administrative, physical and technical safeguards for electronic patient data including a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Mode Operation Plan.

 

HIPAA security standards will also require your organization to appoint someone as the security manager. This person will act as the only designated individual in charge of the security management process and will have access to the data, preventing unauthorized access or corruption.

 

It is important to choose a data protection solution that ensures all electronic protected health information (EPHI) is fully protected when it is backed up and stored. The most important consideration relates to assurances of data consistency which can be achieved with autonomic healing and integrity checks. The solution should encrypt all information (minimum AES 256 encryption) before transfer to the service providers SSAE 16 certified data facilities.

 

For healthcare providers and managed service providers – how are you addressing the requirements of HIPAA for you business, patients and customers? How does cloud backup address the requirements of HIPPA compliance? Please comment below to start the conversation. 

Technical Dr. Inc.'s insight:

Contact Details :
inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com/tdr

more...
No comment yet.
Scoop.it!

Data Encryption Is Key for Protecting Patient Data

Data Encryption Is Key for Protecting Patient Data | HIPAA Compliance for Medical Practices | Scoop.it

According to the HIPAA Final Omnibus Rule, section 164.304 sets forth the following definition: "Encryption means the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key." Although encryption is considered an "addressable" issue, and not "required" or "standard," it really should be accounted for as "required." But why? Encrypting mobile devices, laptops, hard drives, servers, and electronic media (e.g., UBS drives and CD-ROMs) can prevent the practice from paying a large fine for a HIPAA breach.

As a reminder, both Concentra and QCA Health Plan paid over $2 million in combined fines to the Department of Health and Human Services, Office for Civil Rights. The "investigation revealed that Concentra had previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (PHI) was a critical risk," the Office for Civil Rights said. "While steps were taken to begin encryption, Concentra's efforts were incomplete and inconsistent over time, leaving patient PHI vulnerable throughout the organization. OCR's investigation further found Concentra had insufficient security-management processes in place to safeguard patient information."

The problems with not encrypting data and failing to conform to the other requirements associated with HIPAA and the HITECH Act can have further reaching consequences. According to a recent article by Absolute Software, "Protected health information is becoming increasingly attractive to cybercriminals with health records fetching more than credit card information on the black market. According to Forrester, a single health record can sell for $20 on the black market while a complete patient dossier with driver's license, health insurance information, and other sensitive data can sell for $500."

Any physician who has had their DEA number compromised or been involved in a government investigation involving Medicare fraud knows firsthand about the importance of implementing adequate security measures and internal audits. Investing in encryption is one way to mitigate financial, reputational, and legal liability.


more...
Justin Boersma's curator insight, March 27, 2015 7:28 AM

Data encryption is vital in the protection of private consumer data collected by companies, especially medical records. Innovation in data encryption is required to prevent breaches of sensitive information as The Information Age grows in the coming years.