HIPAA (The Health
Information Portability and Accountability Act) was designed to protect the
privacy of individually identifiable health information. The complexity of protecting that information
is growing as government mandated moves to increase Meaningful Use of
Electronic Health Records (EHR) enter Stage 2 in 2015.
Regularly updating your security protocols will help to
protect your practice from break-ins or accidental breaches. Below are some ways to help your Electronic
Health Records stay HIPAA compliant and secure.
- Initial Risk Assessment. An initial risk assessment can help you determine where the sensitive EHR is being stored and how it is accessed. This allows you to find potential areas of weakness and take steps to reduce existing risks.
- Encrypt Electronic Protected Health Information (ePHI). Properly encrypted date is protected even if other safeguards fail. Data encryption is necessary to prevent improper disclosures of ePHI.
- Utilize Secure Servers. Only authorized staff should have access to servers and they should be password-protected or secured with public key authentication. Encryption is the first line of defense, but ensuring that servers where ePHI is stored are both physically and virtually secured is also crucial.
- Do Not Allow the use Portable Drives for ePHI. A portable drive can be easily misplaced or stolen.
- Limit Access. Staff should only be able to access ePHI that is critical to their ability to perform their job and they must be properly trained on HIPAA compliance. Employee access to workstations and software must be limited with authorizations, passwords, and clearance levels.
Securing electronic personal health information is a must to
maintain HIPAA compliance. Start byconducting a risk assessment today!
No comments:
Post a Comment