If you have a compliance team ensuring you’re HIPAA compliant, what can you do to make their lives easier and make them smile? Because everyone knows, a happy team is an effective team.
If you operate in the medical industry, you have to be HIPAA compliant, and implementing HIPAA compliant habits within your medical practice, your medical firm or your pharmacy just makes good sense to keep your compliance team on board, and HIPAA happy.
Luckily for you, it’s very easy to keep compliance onside by adopting a few simple HIPAA compliant habits.
But first, what is HIPAA and why do you need to be compliant?
HIPAA – Health Insurance Portability and Accountability Act
HIPAA – Health Insurance Portability and Accountability Act was introduced in 1996 as a way to protect patients and their protected health information (PHI).
It serves two functions:
To allow for continuity of health insurance cover while patients are between jobs.
To ensure a patient’s health data is kept private and confidential.
What constitutes PHI?
Basically any information pertaining to a patient – from their health status to their healthcare plan, to their insurance payments – any part of their medical record or payment record, their social security number, their name, address, you get the idea.
The main requirements for staying HIPAA compliant focus on medical professionals staying on top of their compliance training and having a process in place to check for security breaches.
And what constitutes a security breach?
• Impermissible uses and disclosures of PHI
• A lack of safeguards surrounding patient PHI
• Not allowing patients access to their PHI
• Invalid authorizations for disclosures of PHI
The most common HIPAA complaint is around mishandling PHI. So take steps to secure your patients’ PHI and implement these 8 ways to make your compliance team HIPAA happy.
1. Password protect everything
HIPAA mandates that access to all equipment containing PHI is carefully controlled and regularly monitored.
The easiest way to ensure you’re HIPAA compliant is to password protect any piece of equipment that allows access to PHI, and only let authorized personnel have the password.
2. Use cloud based fax service
When you’re transferring or sharing PHI, make sure you use an online fax service that offers end to end encryption to prevent any data breaches. If you’re still relying on traditional, analog fax machines, you’re putting patients’ sensitive data at risk.
Not only are traditional fax machines insecure when distributing PHI, unless you stand next to the fax machine all day, you can’t guarantee that incoming faxes will be picked up in a timely fashion.
It’s just not worth it.
Make the transition to online faxing and ensure that any PHI that flows over your open networks is encrypted.
3. Encrypt your files
HIPAA mandates that all equipment containing PHI is carefully controlled, so while you’re password protecting access to all of your equipment, you could go one step further and encrypt all of the files contained therein.
That way, should your computer or device get stolen, and hackers gain unlawful entry to it, your files are still securely encrypted.
4. Backup your data
If your personal computer crashed and you lost everything on it, you’d be devastated. Now imagine the catastrophe should your whole IT network crash and all of your patients’ PHI lost.
It’s just not worth thinking about.
HIPAA decrees that you’re responsible for data backups so you can always give patient’s access to their PHI – ‘the computer crashed’ is not an acceptable excuse.
Use a cloud based solution, or a thumb drive, or external drive to backup data, just make sure it’s encrypted.
5. Secure your network
If any data should flow over your network, HIPAA stipulates that you have to ensure that your network is encrypted to keep PHI secure.
An unsecured network is an open door for any nefarious individual looking to gain unauthorized access to your IT network.
Secure your wireless network using a reliable encryption protocol – WPA2, not WEP and make sure your WIFI password is strong too.
6. Use a virus scanner
How do you know if your system has a virus or if your network has been hacked? Install a virus scanner and make sure that all of your IT systems containing PHI are protected from invasion.
You could build the biggest digital fortress around your network, but if someone puts a keystroke logger on your computer, your security efforts will be in vain.
Virus scan routinely.
7. Keep a log of who has accessed PHI
Every patient has the right to know who has accessed their PHI and it’s your responsibility to keep a log of this information.
The easiest way to do this is to either keep a paper log or a digital log and every time you reveal a patient’s PHI to anyone, you keep a record of it. Simply document the date, the information you disclosed, the person you disclosed it to and the reason why you needed to disclose it.
8. Keep a record of your compliance activities
How can you demonstrate to HIPAA and your compliance team that you’re complying with HIPAA mandates? By keeping a record of every single one of your compliance activities. That way, if there are any you’ve missed, it’ll be immediately obvious and easy for you to remedy.