Filter by Category

How to Build a Framework for HIPAA and HITECH Compliance

HITECH laws were enacted to up the ante on healthcare organizations to meet HIPAA legal compliance for data security and privacy, which, of course puts an additional burden on IT to make sure all bases are covered.

But regardless of the rigors of enacted laws, compliance doesn't happen overnight. It takes diligence and continued effort to understand and address all necessary requirements. To avoid the potential penalties of breaking HIPAA and HITECH laws, losing the confidence of patients and partners, and incurring hefty penalties, a focused, deliberate, measured plan is essential.

In addition to becoming familiar with HIPAA and HITECH regulations (a good place to start is the HHS.gov website), it's critical to meet with your security and management team and make decisions as to how your organization can best protect sensitive healthcare information.

One of the first places to start this process is to fully document your department's own security policy and procedures. This provides the foundation from which to train internal users in understanding and complying with HIPAA and HITECH. In fact, having your security policies documented is a requirement of HIPAA and HITECH.

If you don't currently have your security policies and procedures documented, one option for finding a good template is to Google the term, "IT Security Policies and Procedures." You will find free downloadable templates that give you a basic outline to follow.

If you already have this document in place, keep in mind it needs to be treated as a living document, to be changed and updated often as circumstances and requirements change.  Make a point to do a yearly or bi-yearly review.

Of course, documentation of security policies is only a start. You need to procure and implement proven security tools across your enterprise to protect your data -- whether the data resides on a server or is being transmitted across a network or the Internet.  A less-than exhaustive list of necessary IT security tools for ensuring compliance:  

  • Firewall: This security measure prevents intrusion into the private network from unauthorized outside viewers.
  • Email encryption: To meet privacy requirements, email communications that contain private data must be encrypted.
  • Malware protection: This step keeps spyware/malware from infecting PCs and servers containing private data.
  • FTP communications: Managed file transfer solutions are designed specifically to provide encryption, logging, and automation tools that make sure the sensitive data is secured and tracked while in motion, while reducing the time to manage all incoming and outgoing transactions
  • Backup protection: Backup files and tapes need to be encrypted and otherwise secured to make sure sensitive data can't fall into the wrong hands
  • Data shielding: Sensitive fields need to be encrypted or hidden to ensure that it can't be viewed or extracted by unauthorized viewers. A good data encryption product can also encrypt data on backup tapes as well sensitive data that might be shown in on-screen applications.
  • Physical facility protection: Server rooms, fax/copy/printer rooms, and workstations must all be considered when protecting sensitive data that is printed on paper or residing on servers or PCs.
  • Telephone and online communications: Anyone involved in telephone, online chat, or discussion groups needs to be trained to be sensitive to privacy regulations and exposing sensitive information.

As you can see, there are several aspects of compliance to HITECH and other laws that need to be considered and addressed.  Healthcare professionals and organizations need to take their patients' privacy seriously, whether in the hospital, physician office, or in electronic format on servers and digital communications with others.

Need to meet HIPAA and HITECH compliance?


 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…


Need an Alternative to AMRDEC SAFE’s File Service? Start Here

November 29, 2018

AMRDEC SAFE Shut Down Due to Security Issues Bad news for the U.S. army: AMRDEC SAFE, the Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange service that…


How 3 Financial Institutions Solve File Transfer Needs with MFT Software

November 26, 2018

On a scale of 1-10, how would you rate the efficiency of your file transfers right now? If you use manual scripts, legacy software, or a myriad of free tools to balance your encryption, automation,…


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…