2 Important Recommendations That Can Help Ensure HIPAA Compliance
For healthcare organizations, remaining HIPAA compliant can be both necessary and challenging. In the United States, healthcare organizations are required to abide by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This act provides guidelines pertaining to the handling of patient information across a number of platforms.
In an article titled "Q&A: The main reason healthcare organizations violate HIPAA," Kristen Lee interviews Michael Archuleta, director of IT and HIPAA security officer at Mt. San Rafael Hospital in Trinidad, Colorado. In this interview, Archuleta recommends two important items that can ensure HIPAA compliance:
- Encryption is the first recommendation made by Archuleta. For healthcare organizations, ensuring that data is encrypted is key to making it more challenging for hackers to decode. David Reis, CISO at Lahey Hospital and Medical Center, states, "Data at rest encryption is just the single biggest thing that any healthcare organization can do to help prevent breaches and ensure compliance with HIPAA. On laptops encrypt the drives, use encrypted USB storage devices, enable encryption on mobile devices that interact with email and then be very sensitive about backup tapes because they can get lost."
- Secure texting is Archuleta's next recommended layer of security. Healthcare organizations, such as hospitals, can often provide a hectic environment in which communication must be transmitted as quickly as possible. In some cases, however, security is sacrificed to save time. Communicating is important, but sending private information over standard, unsecured carrier short message service (SMS) can often create serious vulnerabilities.
In his article titled "Secure Text Messaging Saves Time and Fosters HIPAA Compliance for Hospitals," author Don Fluckinger notes issues with standard SMS that include, but are not limited to, messages that are stored in device memory and can be read by anyone using that particular device. He goes on to state, though, that the adoption of secure texting systems can "mitigate many, if not all, of the logistical and compliance problems that traditional phone communications and default smartphone SMS texting pose to healthcare organizations." Being able to communicate securely should be just as important as communicating quickly, if not more so, especially with regard to healthcare institutions.
When it comes to the sensitive data stored and transmitted within healthcare organizations, complying with the guidelines set out by HIPAA can promote the safety of information as well as the avoidance of fines and potential legal action. The recommendations of implementing data encryption and secure texting are integral pieces to the completion of the HIPAA compliance puzzle.