HIPAA compliance is a crucial prerequisite for any company remotely dealing with any healthcare information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law under the Clinton Administration in order to ensure the privacy and security of medical information.
The HIPAA Privacy Rule dictates the usage of Protected Health Information (PHI) by the various “covered entities” that handle such information. The implementation of this rule has helped regulate how businesses are allowed to deal with medical data so patients can rest assured their information is in safe hands.
PrognoCIS EHR is working with Zetta to enhance their disaster recovery and data protection using the cloud. In a Health IT Outcomes article, Zetta CEO, Mike Grossman, discusses how data from PrognoCIS Electronic Health Record software is secured in a HIPAA compliant manner.
Data in the Cloud
There are four main reasons why data in the cloud is the best option for healthcare:
- Undeniably secure: Data is secured in multiple ways, keeping it well protected and making it easy to recover in case of an emergency, which also meets HIPAA requirements.
- High performance: Quickly move large amounts of data, avoid bottlenecks, and optimize storage to account for data growth.
- The lack of hardware saves you resources on maintenance and minimizes the risk of on-site disaster.
- Because all your data is stored in the cloud, there are fewer costs associated with hardware and the staff required to manage it.
Storing data in the cloud enables quicker recovery, saves on cost and resources, and provides a high level of security to assure patients and providers their information is protected in a HIPAA compliant manner.
Read the complete article on Compliant Health Record Data Protection in the Cloud.
10 Most Common HIPAA Violations That Practices Can Avoid
HHS is tightening its hold on HIPAA regulation. One of the most recent and costliest HIPAA violations was reported by the University of Texas MD Anderson Cancer Center in Houston. The center had to pay $4,348,000 in civil penalties for HIPAA violations related to the organization’s encryption policies. The financial drain of a HIPAA violation can severely impede a practice, so it is crucial to protect your practice against these violations. Most violations pose a considerable threat to a practice, but here are the 10 most common HIPAA violations which, when monitored carefully, will provide substantial security cover to your practice.
1. Unsecured medical records. Patient medical records containing PHI need to be locked and secured at all times. Physical files should be kept locked in a filing cabinet, desk, room or office. Digital records should be encrypted and password protected at all times.
2. Lost and stolen devices. If a smartphone, tablet or laptop holding ePHI gets lost or stolen, a vast amount of patient information is in jeopardy. It is mandatory to keep mobile devices in a secured location and to protect them with encryption and passwords.
3. Hacking. A cybercrime which is on the rise and calls for ensuring the safety and protection of your devices. Your anti-virus software should be consistently updated and active. Adding firewalls as an extra layer of security is another solution. Practices should create unique passwords and change them regularly to keep their devices secured.
4. Unencrypted data. Unencrypted data is vulnerable to cyber attacks. Encryption protects patient data even if it’s stolen.
5. Lack of training. All employees who work in a clinic or a company that handles patient data should be trained on HIPAA requirements and safeguards. This is mandatory according to the HIPAA rule. The staff and officials should be well trained on HIPAA laws, policies and procedures.
6. Employees sharing patient health information. It is illegal for clinicians, staff or employees to divulge or discuss patient health information with colleagues, friends or staff members who are not involved in the patient’s care, and doing so is subject to penalties and fines. PHI may only be discussed with the appropriate staff or physician.
7. Illegal file access. It is a HIPAA violation to access a file that an employee is not entitled to. Employees and staff members should be trained on correct procedures and protocols to follow on information related to patient data.
8. Improper disposal of records. Patient records that are not disposed of properly are vulnerable to theft and also constitute a HIPAA violation. Training for safe disposal of health records is a vital aspect of HIPAA safety training. PHI containing information related to treatment, ailment or diagnosis needs to be properly disposed of: shredded, destroyed, or wiped from the hard drive.
9. Unauthorized information release. Only dependents and those with power of attorney are allowed to access the patient health information of family members.
10. Access to home computers. Leaving patient information available on home computer screens can result in the data being viewed by unauthorized family members.
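Items 7, 9 and 10 above all come down to the same control: every chart access should be checked against a legitimate relationship to the patient, and accesses that fail that check should be surfaced for review. The following Python script is an added example of that check run over EHR access logs; it is not PrognoCIS, Zetta or HHS code. The log format, the `CARE_TEAM` and `REPRESENTATIVES` tables and the log lines are all constructed for illustration. It goes one step beyond the list by also flagging a user who opens many unrelated charts in a short window, a common indicator of record snooping that a pure authorization check misses.

```python
"""Audit EHR chart-access logs for access outside a care relationship.

Added example (not PrognoCIS, Zetta or HHS code). Log format, lookup
tables and sample log lines below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed: users legitimately allowed to open each patient's chart.
# In a real EHR this comes from scheduling / treatment-relationship data.
CARE_TEAM = {
    "P1001": {"dr_lee", "rn_patel"},
    "P1002": {"dr_lee"},
    "P1003": {"dr_osei", "rn_patel"},
}

# Constructed: patient-authorised representatives (e.g. power of attorney).
REPRESENTATIVES = {
    "P1002": {"rep_garcia"},
}

# Constructed log lines: ISO timestamp, user, role, patient id, action.
SAMPLE_LOG = """\
2024-03-04T09:12:00 dr_lee physician P1001 view
2024-03-04T09:15:30 rn_patel nurse P1003 view
2024-03-04T09:20:10 rep_garcia representative P1002 view
2024-03-04T09:31:05 dr_osei physician P1001 view
2024-03-04T09:32:00 frontdesk_kim clerk P1001 view
2024-03-04T09:32:20 frontdesk_kim clerk P1002 view
2024-03-04T09:32:45 frontdesk_kim clerk P1003 view
"""


@dataclass(frozen=True)
class AccessEvent:
    when: datetime
    user: str
    role: str
    patient: str
    action: str


def parse_log(text):
    """Parse the constructed whitespace-separated log format into events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, patient, action = line.split()
        events.append(AccessEvent(datetime.fromisoformat(ts), user, role, patient, action))
    return events


def is_authorized(event):
    """An access is legitimate only via the care team or a named representative."""
    return (event.user in CARE_TEAM.get(event.patient, set())
            or event.user in REPRESENTATIVES.get(event.patient, set()))


def find_unauthorized(events):
    """Every access with no care relationship or representative authority."""
    return [e for e in events if not is_authorized(e)]


def find_bulk_access(events, max_patients=2, window=timedelta(minutes=5)):
    """Users who open more than max_patients distinct charts within `window`.

    Returns {user: peak number of distinct patients seen in any window}.
    """
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.when):
        by_user[e.user].append(e)
    flagged = {}
    for user, evs in by_user.items():
        peak = 0
        for i, start in enumerate(evs):
            in_window = {x.patient for x in evs[i:] if x.when - start.when <= window}
            peak = max(peak, len(in_window))
        if peak > max_patients:
            flagged[user] = peak
    return flagged


def audit_report(text):
    """Human-readable findings for a compliance officer to review."""
    events = parse_log(text)
    lines = [f"{e.when.isoformat()} {e.user} ({e.role}) opened {e.patient} without authorization"
             for e in find_unauthorized(events)]
    lines += [f"{user} opened {n} distinct charts within 5 minutes"
              for user, n in find_bulk_access(events).items()]
    return lines


if __name__ == "__main__":
    for finding in audit_report(SAMPLE_LOG):
        print(finding)
```

On the constructed log, the representative's access to P1002 passes, the physician opening a chart outside his care team is reported, and the clerk is reported both for each unauthorized chart and for the bulk pattern. The relationship tables are the weak point of any such check: they must be fed from the system of record (scheduling, admissions, consent forms), and a finding is a prompt for review rather than proof of wrongdoing, since emergency "break the glass" access is legitimate but still needs to be logged and justified.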