In recent weeks and months, the news has been filled with ransomware attacks and data breaches targeting healthcare facilities, including hospitals, private practices, and dental offices. These incidents leave many patients anxious about their healthcare data and how it may be used or misused by cybercriminals. Today, we are exploring the steps that your dental office, primary care physician's office, hospital, and other healthcare facilities take to protect your sensitive health data while it is in their possession as well as while it is in transit, including physical, administrative, and technical safeguards. Hopefully, knowing the measures that HIPAA privacy laws require in order to protect patients will put your mind at ease.
Even before a patient enters the waiting room of a healthcare facility, their data is protected under HIPAA. For instance, the administrative safeguards include specialized training of personnel geared toward risk assessment, emergency planning, restricting third-party access, and reporting any security incidents. As a part of this safeguard, a security officer within the healthcare facility is responsible for developing and implementing its security policies and procedures. This means that even when you are not there, they are protecting your sensitive and identifiable information from those with malicious intent.
In addition to administrative safeguards, there are technical steps taken to protect your healthcare information. According to the HIPAA Security Rule, technical safeguards are “the technology and the policy and procedures for its use that protect electronically protected health information and control access to it.” This section of the law tells us that healthcare entities must keep electronic protected health information (ePHI) properly secured from unauthorized access. This is the case whether the data is at rest, stored in an electronic file, or in transit to another location. Technical safeguards include access controls, meaning technical policies and procedures that allow only authorized persons to access ePHI. They also include audit controls and integrity controls, as well as transmission security, which ensures that ePHI cannot be accessed by unauthorized parties while it is being transmitted over a network.
Physical safeguards are the category most of us think of first when we think about protecting information. This component of the HIPAA security requirements includes facility access controls, such as limiting physical access to the provider's facilities. It also includes workstation and device security, including policies and procedures governing the transfer, removal, disposal, and re-use of electronic media. These safeguards ensure that your healthcare provider has a strict set of rules that the office and its IT department follow to keep your sensitive information secure. From using strong passwords and secure Wi-Fi to performing HIPAA-mandated security assessments and keeping track of every device within the facility, there is a long list of ways they are working to protect your patient data.