November 12, 2015 Aspida Mail, HIPAA
HIPAA. This simple five-letter acronym has the power to elicit almost the exact same reaction from any healthcare provider… UGHHH! Hospitals, dental offices, and any other healthcare providers that handle protected health information must follow strict policies to keep that data secure at all times.
HIPAA is not new – it has been around since 1996! Contrary to what you commonly see, it is NOT spelled with two P’s (HIPPA). And it is actually not all bad.
Still with me?
The Health Insurance Portability and Accountability Act (HIPAA) was created to protect your patients and their Protected Health Information (PHI) by requiring defined processes within the practice that handles it.
Bottom Line: Healthcare providers need to apply certain procedures, or safeguards, within the practice to ensure their patients’ data are not exposed to snooping eyes (and hands!). The HIPAA Security Rule groups these safeguards into three categories: Administrative, Physical & Technical.
Below you will find the Security Rule’s definition of each category and our interpretation.
• Administrative safeguards are defined as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
Aspida Breakdown: People & Process. Examples: What can you say and who can you say it to? Have you performed and documented a risk analysis of where ePHI lives in your practice? Is your staff trained on HIPAA? Is that training documented? Is your Notice of Privacy Practices (a Privacy Rule requirement that goes hand in hand with these safeguards) up to date?
• Physical safeguards are the “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”
Aspida Breakdown: What is going to stop someone from physically stealing your patient data? Examples: Are there locks on your perimeter doors? Is your server located in a locked closet? Is your server housed off premises (hosted in the cloud)? Keep in mind that moving the server off site moves the physical controls to the hosting provider, not the responsibility: a cloud provider that stores ePHI is a business associate and needs a signed business associate agreement.
• Technical safeguards are the “technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”
Aspida Breakdown: This is your (computer) network infrastructure. Examples: Does every employee have a unique login to access your network, so activity can be traced to one person and access removed when someone leaves? If you employ remote access, is it over an encrypted connection (such as a VPN) rather than an exposed remote desktop? If you have WiFi, is it protected with current encryption (WPA2) and a strong passphrase, with patient-facing guest WiFi kept on a separate network? Do you email ePHI securely (encrypted), or not by email at all?
By familiarizing yourself and your team with HIPAA, you have taken the first step toward protection. The next step is to figure out which procedures work best for your practice and come up with a plan for implementation. Luckily, there are companies that specialize in assisting dental offices with implementing such protocols. And don’t forget, documentation of all policies and procedures is key!