The Health Insurance Portability and Accountability Act of 1996, or HIPAA, refers to legislation passed by the U.S. government to establish industry standards to prevent the unlawful distribution of electronic Personal Health Information (PHI). According to the U.S. Department of Health and Human Services (HHS), HIPAA is designed to safeguard against the unlawful distribution of “individually identifiable health information,” including demographic data, relating to:
- An individual’s past, present, or future physical or mental health or condition
- The provision of health care to the individual
- The past, present, or future payment for the provision of health care to the individual
HIPAA Compliant Data & Network Protection
Under the HIPAA rules, any “business associate” of a covered entity, such as an IT company, must implement specific guidelines and procedures to protect PHI. It is recommended that entities and their business associates establish a written agreement outlining all HIPAA compliance procedures, including:
Physical Security Policies
To prevent a data breach, physical security policies must specify who is and is not granted physical access to certain areas of a facility. Physical restrictions may cover guests entering an entity’s campus, limited employee access to specific rooms (e.g. server rooms), and admittance policies. Key codes, security badges, and access logs are just a few of the methods used to enforce physical security policies.
Limited access control refers to what software programs, electronic equipment, or classified data an entity or its business associates are granted access to. This may include how PHI is requested and distributed and how the sharing of information is monitored within an organization.
It is important to institute workstation security policies and procedures that all entity employees must abide by. Examples of this include requiring a minimum password strength (unique characters, length, etc.), limiting unsuccessful login attempts, monitoring login access and time logs, and changing passwords regularly.
Nowadays, virus protection is an IT standard when it comes to protecting your hardware and software from malicious viruses and hackers. But are procedures established to outline how often your virus protection is updated, and are procedures in place in the event of a data breach? Actively monitoring the hardware and software of any entity is a critical step towards data protection.
HIPAA Compliancy from Maryland Computer Service
At Maryland Computer Service, we know just how important it is to protect all client personal health information, which is why we are 100 percent HIPAA compliant. Our certified IT experts will work closely with you to determine the current state of your organization’s technology infrastructure and recommend any procedural changes necessary.
HITECH, or the Health Information Technology for Economic and Clinical Health Act, establishes civil and criminal enforcement of HIPAA rules.