Your IT Checklist for HIPAA Compliance
Technical Safeguards: This area of criteria for HIPAA compliance deals with the technology used to store and transmit confidential patient data. The U.S. Department of Commerce - National Institute of Standards and Technology (NIST) requires that, regardless of whether the data is at rest or in transit, it should be encrypted according to their standards. This ensures that any breach of confidential patient data renders the data unreadable, undecipherable, and unusable. Included in this safeguard are:
- Access Control - This includes unique usernames and PIN numbers for each user, as well as a procedure for the release of data in an emergency.
- Authentication of ePHI - Has any of the electronic information been altered in an unauthorized manner?
- Tools for Encryption and Decryption
- Implementation of Activity Logs and Audit Controls
- Automatic log off for workstations after a certain amount of time
Physical Safeguards: These safeguards focus mainly on the access of data where it is stored, whether it is in the cloud or on a server located on the premises. It also means safeguards for workstations and all devices where an unauthorized person could gain access to sensitive data.
- Implementation of strict procedures for facility access including all employees, cleaning personnel, and other visitors to the office.
- Policies for protecting patient information at each workstation, whether it is who can use each workstation or even how the monitor is to be positioned so sensitive data cannot be viewed by unauthorized people.
- Policies and Procedures for Mobile Devices
- Inventory of Hardware, including tracking movement to storage facilities, repairs, and disposal.
Administrative Safeguards: This area brings together the Privacy Rule and Security Rule, and includes:
- Risk Assessments
- Instruction of a Risk Management Policy and Sanctions Policy for employees who do not comply.
- Training Employees
- Emergency Planning
- Restricting Third Party Access
- Reporting Security Incidents
Does your medical or dental practice have an expert technical professional maintaining your technology to remain in compliance? Or are you adding new technology that needs to be compliant? Call or text Spectra Networks at 978.219.9752, or visit our website today.