Every Medical Office Should Have Some HIPAA


HIPAA is like a hippo. It protects what it believes, and fights for what is right.

There is nothing worse than a patient’s records leaking out to the public. HIPAA looks to eliminate the possibility of inadequate patient confidentiality. HIPAA is the Health Insurance Portability and Accountability Act of 1996. All medical establishments that use SOS Support have to be HIPAA compliant in order to legally function. It is required to protect patient records from unwanted eyes.

There are four key sections in HIPAA: physical safeguards, technical safeguards, technical policies, and network/transmission security.

– Physical safeguards include limited facility access and control, with authorized access in place. All covered entities or companies that are HIPAA compliant must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).

– Technical safeguards require access control so that only authorized users can access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

– Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensuring that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.

– Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access to ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

If you have questions and want to learn more about HIPAA and these 4 points, just head over to this website for some more info.