The Health Insurance Portability and Accountability Act (HIPAA) was established in the U.S. in 1996 to protect an individual's personal health care information. Healthcare institutions are required to meet all standards and comply with the appropriate security measures in order to safeguard patient data. These standards became enforceable by law on 21 April, 2005.
Under HIPAA, several things must be protected including any patient healthcare information that is written, spoken or electronic. Electronic data can be faxed, printed, copied or emailed and includes lab reports, insurance claims, consent forms and patient records.
Safeguarding patient data is a key concern among healthcare CIOs all over the world, as the healthcare industry is the target of a vast majority of information attacks because of the sensitive nature of the information held in a health record.
If your business hosts data with a HIPAA compliant provider, there are certain administrative, physical and technical safeguards in place as required by the U.S. Department of Health and Human Services.
Physical safeguards include limited facility access and control, with authorized access required. All covered entities, including HIPAA compliant organizations, must have usage and access policies regarding access to workstations and electronic media. Part of this safeguarding effort requires policies governing the transfer, removal, disposal and reuse of electronic media and of the electronic protected health information stored on it.
Technical safeguards of HIPAA compliance require restrictions on access to protected health data. In other words, authorization is required to access the health record. This form of protection includes the use of user IDs, emergency access procedures, automatic log off and encryption and decryption of data.
Also on the technical side of HIPAA compliance, audit logs must be implemented to keep a record of activity on hardware and software. This practice helps to identify the source or cause of any security violation more easily and quickly.
Policies are to be put into place to ensure that personal health data is not altered or destroyed. IT disaster recovery and offsite backups are necessary to ensure that any electronic media errors or failures can be solved quickly and that patient health information can be recovered accurately.
Failure to comply with these guidelines and requirements could lead to steep fines and other legal action from the government. Ensuring compliance can prove to be a tremendous challenge.
Giva makes HIPAA compliance very easy for our customers since the data center, hardware and software infrastructure of Giva's cloud help desk software meet the very strict HIPAA compliance regulations. For more information, read 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.