HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians

Why Should HIPAA Compliance Matter to You


Healthcare Professionals

If you are a healthcare provider or business associate, HIPAA compliance should matter because it is the law. Under the Code of Federal Regulations (CFR), a provider or business associate that uses electronic health records must ensure the confidentiality, integrity, and availability of all electronic protected health information it creates, receives, maintains, or transmits. Civil monetary penalties for noncompliance that leads to a breach of electronic patient records can be assessed up to $1.5 million per year for violations of the same provision. Criminal penalties can range from one to ten years in prison.

I believe one of the biggest issues facing small healthcare providers is lack of knowledge of the exact requirements for HIPAA security compliance. Part of the problem for small providers is that they often have an unclear understanding of what safeguards need to be in place for electronic health records. I see this as a huge concern. The U.S. Department of Health and Human Services (HHS) does an inadequate job of providing specific guidance to small providers. It is difficult to navigate the HHS website to find particular HIPAA compliance information.

I should know because I used to work for HHS and had oversight of complex health care fraud investigations. We had teams of lawyers and analysts to guide us in the regulatory world, whereas a small healthcare provider, if lucky, may find the necessary guidance on the HHS website. Even then, the information becomes subject to interpretation by a provider with limited exposure to HIPAA regulatory compliance. Ask yourself how comfortable you are with this.


With more and more healthcare providers using electronic health records, consumers (patients) need to ask those providers whether they are doing everything they can to secure their health information. For consumers, HIPAA compliance matters because it means assurance that the proper safeguards are in place to prevent unauthorized access, tampering, and theft of medical records.

A recent study by the Ponemon Institute found criminal attacks on healthcare providers have increased dramatically, up 100% since 2010. Unlike having credit information stolen where the bank or credit card company may notify the consumer about suspicious activity in a timely manner, health information compromises take longer to recognize. With all the recent emphasis on newsworthy data breaches, this is a wake-up call for patients who must treat their online health information as they would their credit information.

Medical identity theft is a profitable industry for criminals, who can make a lot more money selling health information than credit card numbers. According to Dell SecureWorks, an information security services company, criminals can get paid $20 for a person's stolen health identity information, compared with credit card numbers that may yield $1 to $2 apiece. As a former Assistant Inspector General for Investigations at HHS, I know that Medicare card numbers could be sold for up to $50 apiece. In addition, there is much more personal data at stake with health records, which can include sensitive information such as pre-existing conditions, full-blown medical histories, and prescriptions, along with a plethora of financial, employment, and family information.

So the next time you go to your healthcare provider and you are asked to sign a HIPAA release form, read the fine print. Know your rights and expectations of privacy. Most importantly, ask your providers what they are doing to protect your electronic health records.

Author: Jay Hodes is the President of Colington Security Consulting LLC and the former Assistant Inspector General for Investigations at the U.S. Department of Health and Human Services, Office of Inspector General. In that position he supervised over 200 Special Agents and professional support staff responsible for health care fraud and medical identity theft investigations throughout the eastern United States.

His company provides assistance with HIPAA Security Rule compliance by conducting risk assessments and writing practice-specific risk management plans. The assessments identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis action plan to prevent unauthorized access, tampering, and theft.

Technical Dr. Inc.'s insight:

Contact Details: inquiry@technicaldr.com or 877-910-0004, www.technicaldr.com/tdr


Can You Keep a Secret? Tips for Creating Strong Passwords


The computers in your office are veritable treasure chests of information that cyber pirates would love to get their hands on. Only authorized personnel in a practice should have the keys to unlock what's inside. Passwords are those keys. They play an important role in protecting Electronic Health Records (EHR) and the vital information those records hold.

The HIPAA Security Rule (the password management specification at 45 CFR 164.308(a)(5)(ii)(D)) says that "reasonable and appropriate . . . procedures for creating, changing, and safeguarding passwords" must be in place. But the rule doesn't stop there. HHS guidance goes on to say that "In addition to providing passwords for access, entities must ensure that workforce members are trained on how to safeguard information. Covered entities must train all users and establish guidelines for creating passwords and changing them during periodic change cycles."

Regardless of the type of computers or operating system your office uses, a password should be required to log in and do any work. Today's blog will focus on how to create strong passwords, the kind that aren't easily guessed. Since attackers routinely use automated tools that try dictionary words, common substitutions, and keyboard patterns at very high speed, it is important to choose a password that has none of the characteristics those tools are built to exploit.

How to stay ahead of the hackers

They’re a clever bunch, those hackers. And they seem to know a lot about human nature, too. They’ve figured out the methods most people use when choosing a password. And they’ve turned that knowledge to their advantage.

To outsmart them, create a password that’s:

NOT a word found in any dictionary, even foreign ones
NOT a word in any language, including its slang, dialects, and jargon
NOT a word spelled backwards
NOT based on recognizable personal information — like names of family and friends
NOT a birthdate
NOT an address or phone number
NOT a word or number pattern on the keyboard — for instance, asdfgh or 987654

A strong password should:

Be at least 8 characters in length; treat that as a floor, not a target. Length does more for strength than any other rule, and a phrase of 12 or more characters is far harder to crack than a short password with symbols.
Include a combination of upper and lower case letters, at least one number, and at least one special character, like an exclamation mark

Examples of strong passwords

With their weird combinations of letters, numbers, and special characters, passwords can be a challenge to remember. Starting with an easy-to-remember phrase and then tweaking it to fit the guidelines for strong passwords is one way around that problem. Keep in mind that the usual substitutions (@ for a, 1 for i, 5 for s, 0 for o) are built into password-cracking rule sets, so the length of the phrase does more for its strength than the substitutions do. And any example that appears in print, including the two below, should never be used as an actual password.

For instance:

1h8mond@ys! (I hate Mondays!)

5ayBye4n@w (Say bye for now)
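A small policy checker for the checklist above, run against the two phrase-based examples, added here as an illustration; it is not code from the original post. The wordlist and the personal tokens are constructed stand-ins (an assumption for this example); a real deployment would load a large dictionary or breached-password list. The checker undoes common substitutions before matching, which is what cracking rule sets do, so a word hidden by "@" and digits is still found.

```python
import re
from typing import Iterable, List

# Minimum length from the page's checklist; treat it as a floor, not a target.
MIN_LEN = 8

# Constructed stand-in for a real dictionary or breached-password list
# (assumption for this example; in practice load a large list such as a
# Have I Been Pwned download).
WORDLIST = {
    "password", "welcome", "letmein", "monday", "mondays", "hate",
    "summer", "medical", "clinic", "dragon", "baseball", "january",
}

# Substitutions that cracking rule sets already undo ("leet" rules).
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "8": "b", "@": "a", "$": "s", "!": "i",
})

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def normalize(pw: str) -> str:
    """Lower-case and undo common leet substitutions, so that a word is
    recognised even after the 'tweaks' the article suggests."""
    return pw.lower().translate(LEET)


def has_keyboard_run(pw: str, n: int = 4) -> bool:
    """True if pw contains n adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            seg = row[i:i + n]
            if seg in low or seg[::-1] in low:
                return True
    return False


def has_dictionary_word(pw: str, min_len: int = 4) -> bool:
    """True if a wordlist entry appears in pw, forwards or reversed, after normalising."""
    norm = normalize(pw)
    for text in (norm, norm[::-1]):
        if any(len(w) >= min_len and w in text for w in WORDLIST):
            return True
    return False


def has_personal_info(pw: str, personal: Iterable[str]) -> bool:
    """True if any supplied personal token (name, street, phone) appears in pw."""
    norm = normalize(pw)
    return any(len(p) >= 3 and p.lower() in norm for p in personal)


def looks_like_date(pw: str) -> bool:
    """Digit runs shaped like MMDDYY, MMDDYYYY or a four-digit year 1900-2099."""
    return re.search(r"(?<!\d)(\d{8}|\d{6}|(19|20)\d{2})(?!\d)", pw) is not None


def check_password(pw: str, personal: Iterable[str] = ()) -> List[str]:
    """Return the list of checklist rules the password breaks; empty means it passes."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower-case letter")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    if has_keyboard_run(pw):
        problems.append("contains a keyboard pattern")
    if has_dictionary_word(pw):
        problems.append("contains a dictionary word (after undoing substitutions)")
    if has_personal_info(pw, personal):
        problems.append("contains personal information")
    if looks_like_date(pw):
        problems.append("contains a date-like number")
    return problems


if __name__ == "__main__":
    # Personal tokens for a hypothetical user, constructed for this example.
    personal = ["Jane", "Hodes", "Main Street", "5551234"]
    for pw in ["1h8mond@ys!", "5ayBye4n@w", "asdfgh1!", "Jane1985!", "Welc0me!"]:
        print(pw, "->", check_password(pw, personal) or "OK")
```

Run stand-alone, it reports that 1h8mond@ys! still contains the dictionary word "mondays" once the @ and digit substitutions are undone, and that it has no upper-case letter, so it fails the page's own composition rule as well; 5ayBye4n@w passes every check. The keyboard-row and reversed-word checks catch asdfgh and drowssap-style choices from the "NOT" list above.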

Safety first

The importance of having strong passwords, the longer the better, and of changing them on a regular basis and immediately whenever a compromise is suspected, can't be overstated. (Current NIST guidance in SP 800-63B puts more weight on length and on screening new passwords against lists of known-breached passwords than on forced periodic rotation, so check which approach your practice's policy follows.) Writing a password on a Post-It note and attaching it to a computer monitor should never be done. Do everything you can to make your passwords strong, never reuse one across systems, and store them somewhere safe, such as a password manager rather than a document or sticky note. These steps will help ensure the security of your PHI and give those hackers fits.
