The topic of HIPAA security typically sends most medical professionals running. Perhaps it’s because computer security is not of the same nature as family practice medicine. However, the issue hits much closer to home than you may think. If you’ve ever been the victim of a computer virus, experienced hard disk failure and lost patient data, or have worried about someone eavesdropping on your phone conversation with a patient, then you’ve faced the ugly side of a security issue.
Five steps that will help you understand and compare your medical office’s current security standards with those required by HIPAA
Make certain that medical staff is on the same page as you
Most security breaches occur when medical staff employees exercise faulty judgment or fail to follow protocols. Carefully consider the location of the computers in your. Also, passwords should be difficult for anyone to guess (the more complicated the password, the greater the level of security) and kept secret to avoid unauthorized access to or manipulation of protected information. While hackers might be a concern, your greatest security risks come from within. Make sure your staff understands the importance of the security standards you’ve set in place.
Understand the capabilities and weaknesses of your technology environment
In order to assess your security risk, you have to know, in detail, the capabilities and weaknesses of your information systems. Most practices have complicated IT environments that include multiple components. These might include hardware and software, as well as various network components (phone/cable, wireless systems, and firewall). Make a detailed list of all of the components that play a role in storing or transmitting patient health information. Then, create a diagram that displays how this collection of hardware, software, and network components collects, accesses, stores and transmits patient health information.
Have a business continuity plan in place
Patient data and other important information are most commonly affected by some sort of emergency, ranging from human error to hurricanes or flooding.
Ensure that your network safeguards are up to date, secure and robust
Most computers in your practice are connected to a network that has its own set of special risks. Networks need to defend themselves against attacks from unauthorized users and from infiltration of unauthorized information packets through the routers. This is often accomplished through firewalls, hardware and software devices that protect a medical practice’s network from hackers or other security risks. Firewalls deny access to unauthorized users and applications, and they create audit trails or logs that identify who accessed the network and when. It’s very important to ensure that your firewall and network safeguards are up to date, secure and robust.
Encrypt data when necessary
Here are a few examples of electronic data transfers commonly used in a medical office that you may want to consider for encryption: patient billing information exchanged with payers and health plans, case management data, patient health information, and lab and other clinical data electronically sent to and received from outside labs.