HIPAA Security: Is Your Organization Prepared?
As workers in the health care marketplace, we all should be very familiar with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This act was created and passed to ensure privacy and security protections for patients’ individual health information.
In this digital age and with the utilization of electronic medical record (EMR) systems, the HIPAA Privacy and Security Rules have focused on health care providers, health insurance providers/plans and other entities (e.g., billing companies) that process health insurance claims.
This past fiscal year, the U.S. Department of Health and Human Services (HHS) has taken more steps to strengthen the privacy and security protections for health information, such as expanding its requirements to cover not only the health care organizations mentioned above but also their respective business associates that receive protected health information (e.g., outside contractors, consultants and subcontractors). This expansion of requirements came as a result of numerous large breaches of electronic patient health information (ePHI) involving health care organizations’ business associates. With the expansion to outside business associates also came larger fines and penalties levied by the government under the HITECH Act, based on the level of negligence committed.
To safeguard your organization, we always recommend to our clients that they have a custom HIPAA Security Plan created and implemented for their organization. This typically consists of: 1) a risk assessment to identify current areas where security exposures exist, 2) creation of tailored policies and procedures for administrative safeguards, 3) creation of tailored policies and procedures for physical safeguards, and 4) creation of tailored policies and procedures for technical safeguards.
These safeguard policies and procedures will then be implemented into the organization’s daily processes to ensure protection of ePHI and greatly reduce exposure to HIPAA security audits and their potential penalties.