Skip to content
olpcaustria.org
olpcaustria.org

  • Home
  • Business
  • Social Media
  • Health
  • Real Estate
  • Home Improvement
  • Write for Us
  • Contact
olpcaustria.org

On Becoming HIPAA Compliant

Jessica Bosisto, April 19, 2023April 19, 2023

As with many things in life, HIPAA compliance is more a journey than a destination. Even once you’ve done the hard work of evaluating your practice for vulnerabilities, mitigating the risks, and documenting the whole process, it’s not enough to just put a stamp on your practice that says, Compliant!, and call it a day. You must invest time in ongoing training and awareness programs, stay on top of changes to personnel, technology, and the pertinent legislation You must continually measure and address any additional risk to patient records that may be introduced or uncovered as a result of these changes, and of course, keep a record of it all as you go HIPAA Compliance Service.

If you’ve done little more than buy a book, or roll out a few standard patient privacy forms, you’re behind the curve. Many practices will hire a consultant, or dedicate a current member of their staff to working through the process of analyzing and establishing compliance. Typically, smaller practices have a few less considerations to deal with than larger practices, but most of the requirements apply regardless of practice size.

The whole process makes for a long and winding road, but even a journey of a thousand miles begins with a few steps. Here are some technical safeguards your practice should have in place, or should be strongly considering for implementation in your quest for HIPAA compliance:

Use encryption software to protect ePHI on your server. We recently saw a practice lose a server to a theft during an overnight break-in. When your data is encrypted on the server hard drives, there’s no way for the thieves to access the ePHI stored there without the unique password you create, even though they have access to the drives.

Install antivirus software on all pc’s, tablets, notebooks and servers, AND keep it current. Hackers and data thieves are always plotting new ways to break into networks and collect sensitive data using Trojan horses, root kits, data miners and viruses. Protect your network’s data from their efforts with antivirus software and make sure it stays updated so you’re protected via the latest anti-virus signatures.

Create a backup and restore plan for your ePHI. Not only are you required to protect ePHI, you are also required to produce it for your patients in a timely manner should they request access to it. A good backup and restore plan can help you achieve both objectives. Make sure you not only have a good copy of the data, but periodically test the restoration of the data to make sure it hasn’t become corrupt. Ideally, you’ll have a copy of the data off-site as well, to protect against theft, fire, storm or electrical damage to your practice.

Create and maintain unique logins to your network and practice management application for each member of your staff. Unique logins are required in order to track who has accessed your systems, when they were accessed and what information was viewed. User logins should be disabled immediately when an employee is terminated or resigns.

Encrypt all outgoing emails that contain ePHI. This can be done through software installed on premises, or through a variety of hosted email providers. Emails can be intercepted both electronically and in person if anyone else has access to the patient’s computer. Encrypting your email insures that only the intended recipient is able to open and view the contents via a password they create.

Deploy a business-class firewall to protect your network. Many firewalls sold at big retailers that are sufficient for home use are not adequate for protecting a practice’s ePHI. You want a model that will perform IDS/IPS (intrusion detection services/intrusion prevention services) functions and proxy-based analysis of the data packets entering your network.

Restrict physical access to the server storing your ePHI. You should literally keep your server protected under lock and key. Whether you do that with a small locking cage, in a locked closet that houses networking equipment, or in a dedicated room that can be locked from general access, it’s important to protect your server in this way and maintain documentation that notes the “who”, “when” and “why” of physical access to the server. Just be sure the server also has adequate airflow to protect against the damages of overheating.

Create and sign a Business Associate (BA) agreement with any vendors that may have access to ePHI. The BA agreement will outline obligations of both parties with respect to things like protecting ePHI and reporting breaches. Should your practice become the subject of an investigation by the Office of Civil Rights (OCR) due to a breach, this will be one of the first things they ask you to produce.

This list of recommendations is in no way meant to be a comprehensive test of compliance. As mentioned, these are only a few small, yet vital measures designed to help protect your ePHI as you strive for complete HIPAA compliance. Implement them all, and you’ll be on your way. Skip any one of them, and you could be creating a vulnerability that leads to a breach and a visit from the OCR. In any case, the mandate for full HIPAA compliance is here.

Opinion

Post navigation

Previous post
Next post

Leave a Reply Cancel reply

You must be logged in to post a comment.

Buy Facebook Comments

Buy Facebook Comments - CommentsHero provides customizable Facebook comments for posts, videos, or ads. Select from pre-written or custom options, strategically splitting them for maximum impact. With fast delivery in 6-12 hours and guaranteed satisfaction, trust us for safe and reliable service.

Archives

Categories

Recent Posts

  • How to Create the Perfect Freshwater Aquarium

  • Build Big Muscles With Electronic Muscle Stimulation (EMS) Devices! Do They Really Work?

  • Advanced Dog Obedience: Moving Beyond Basic Commands

  • Apostille Services for Your Legal Documents

  • HOW TO Obtain THE Immediately OMEGA Reproduction WATCHES FOR YOUR Structure

  • Greatest Things To Accomplish In Paris France

  • The Fun French Bulldog Pup!

  • Ways on How to Rent Apartments

  • Ways To Combine Credit Card Loans

  • Exceptional Pointers To Enhance Your Website’s Search engine optimization

  • Troubleshooting Instagram Login Issues: A Comprehensive Guide

  • Buy Now Pay Later Deals

  • Facts You Should Find Out About Car Leasing

  • Weed grinder

  • Sewol Ferry Tragedy: What really happened in MV Sewol Ferry?

  • Indian Matrimonial Websites Can Absolutely Be Very Useful

  • Compare Air Purifiers – Ten Factors to Consider Before Investing In One

  • 7 Essential Qualities to Look for in a Web Design Company

  • The Usefulness of a Fire Extinguisher in Life

  • Tips for hiring Wedding Music

  • 10 Inspirational Format Tips for CapitaLand’s Iconic New Condominium One Pearl Bank

  • Tips For Joining Online Gambling and Online Casinos

  • Insights from Newfoundland Owners and Breed Enthusiasts

  • Are Walk in Dental Clinics Reliable and Trust Worthy?

  • The best tips to increase your followers on YouTube

  • August brand-new house purchases surprise along with strong proving

  • Exactly how Do I Choose an Affiliate Program?

  • Key Features of Medical Clinic Software package

  • Instagram Advertising Tips for Your Company

  • Unleash Your Dog’s Potential: Effective Techniques for Improving Communication and Obedience

©2025 olpcaustria.org | WordPress Theme by SuperbThemes