HIPAA Security Rules
On April 20th of this year, the Security Rule portion of the Health Insurance Portability and Accountability Act of 1996, or HIPAA, came into effect. This Act, enforced by the Department of Health and Human Services Office for Civil Rights, is designed to set computer security and safety standards for healthcare and insurance offices.
According to the Department of Health and Human Services:
“This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications.”
The recurring theme of the HIPAA Security Rule is “reasonable and appropriate”: implemented solutions should be appropriate for the size of the office, as well as reasonable, in that they encompass foreseeable security threats. The problem is that most medical and insurance offices simply do not have staff on board with the skill set to make those determinations.
A recent study done by the Healthcare Information and Management Society of Chicago interviewed 15,000 individual members and practices and discovered that only 18% of the firms polled expected to be compliant with the Security Rule by the April 20th deadline.
In an effort to not be in that non-compliant 18%, the office of Dr. Mark Randel decided to contract AlphaTech Solutions to handle their HIPAA Security compliance activities. According to Office Manager Susan Alexander, the decision was easy to make: “We already had a working relationship with AlphaTech and with the fast-approaching HIPAA Security deadline we knew we should outsource this task to someone who had both the technical expertise and knowledge of the HIPAA requirements.”
The compliance efforts at Dr. Randel’s office began with an initial security audit, as required by the HIPAA Security Rules. The results of the audit are then compared to the standards set by the Security Rule. From there, a Risk Management plan is created to get the office from where it is to where it needs to be (in compliance). At that point, a maintenance plan is implemented that is designed to keep the office in compliance with regard to security monitoring, auditing and testing. Encompassing all of this is the documentation process: all decisions and processes must be documented, as per the Security Rule.
With the deadline now past us, it is most important for medical offices to make serious strides towards compliance.
Please contact us if you need assistance in your HIPAA compliance efforts!