{"id":1643,"date":"2014-03-13T10:13:17","date_gmt":"2014-03-13T15:13:17","guid":{"rendered":"http:\/\/www.poweradmin.com\/blog\/?p=1643"},"modified":"2015-04-24T16:39:43","modified_gmt":"2015-04-24T21:39:43","slug":"ensuring-hipaa-compliance","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/ensuring-hipaa-compliance\/","title":{"rendered":"Ensuring HIPAA Compliance"},"content":{"rendered":"<p><span style=\"font-family: verdana,geneva;\"><iframe loading=\"lazy\" src=\"\/\/embed.gettyimages.com\/embed\/172163462?et=SOc0eLZzd0ylfgtJ0YZZgA&amp;sig=5aO0IgJdmQqvaRPA5qqNVwgW7k1lPOg6kDxpf1vKY0Q=\" width=\"300\" height=\"241\" frameborder=\"0\" scrolling=\"no\" align=\"right\"><\/iframe><\/span><\/p>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">HIPAA sets the standards for the protection of PHI (Private Health Information) and ePHI belonging to those people who receive medical care from your business. So, if you are:<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">A covered healthcare provider like a hospital or individual medical practitioner<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">A business associate of these providers (including the private sector or 3rd party administrator)<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">A healthcare clearing house<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">In addition, if you transmit the information of those in your care digitally, or transmit digital information about those in your care, then you are required to become HIPAA compliant.<\/span><\/span><\/p>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span 
style=\"font-size: 16px;\">Any company dealing with protected health information is required by HIPAA to make sure that security measures are in place for every record kept, from physical copies to network and digital copies. HIPAA also extends to the processing of information, requiring measures to be taken to ensure that even during administration, the privacy of information is maintained.<\/span><\/span><\/p>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">The penalties for violating HIPAA are severe, ranging from $100 to $50,000 per violation, up to a maximum of $1,500,000 a year, with the threat of criminal charges also present. Not something which you and your business want to get mixed up with. But follow the checklist below and you should be well on your way to becoming HIPAA compliant.<\/span><\/span><\/p>\n<h2><span style=\"font-size: 18px; font-family: verdana,geneva;\"><span style=\"color: #666666;\"><strong><span style=\"text-decoration: underline;\">How to Ensure Compliance<\/span><\/strong><\/span><\/span><\/h2>\n<h2><span style=\"color: #0066ff; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\"><strong>1. Know the Most Common Breaches<\/strong><\/span><\/span><\/h2>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">When implementing policies like HIPAA, it is often best to begin by investigating where breaches commonly occur. 
In the case of HIPAA, common breaches include:<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Unencrypted data<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Employee error<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Data being stored on unauthorized and\/or unencrypted devices<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Non-compliant business associates<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Slow breach notification<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Keep these breaches in mind when you begin to implement HIPAA and you\u2019ll be well on your way to becoming compliant.<\/span><\/span><\/p>\n<h2><span style=\"color: #0066ff; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\"><strong>2. Limit physical access to private information<\/strong><\/span><\/span><\/h2>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">You can do this by limiting who is able to see copies of private information and making sure that the information is kept within areas that require authorization. On a business network, this is just a case of assigning the right permissions. You are also required to have policies covering the moving and disposal of PHI and ePHI.<\/span><\/span><\/p>\n<h2><span style=\"color: #0066ff; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\"><strong>3. 
Limit digital access to private information<\/strong><\/span><\/span><\/h2>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">With online data it is slightly more complicated to become HIPAA compliant. You are required to set up authorized access to digital files and also implement policies about workstation access. A strong access control policy includes:<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Unique user IDs<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Strong passwords and use policies<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Emergency access procedures<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Encryption of files<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Automatic log-off on workstations<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Integrity controls (to ensure that information is not altered or destroyed)<\/span><\/span><\/li>\n<\/ul>\n<h2><span style=\"color: #0066ff; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\"><strong>4. 
Use a HIPAA compliant hosting service<\/strong><\/span><\/span><\/h2>\n<p><span style=\"font-size: 16px; font-family: verdana,geneva;\"><span style=\"color: #666666;\">There are <\/span><a href=\"http:\/\/www.onlinetech.com\/compliant-hosting\/hipaa-compliant-hosting\/overview\" rel=\"nofollow\" target=\"_blank\"><span style=\"color: #666666;\">many services<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"color: #666666;\"> which specialize in HIPAA compliance. This could save you a lot of time when implementing compliance in your business. Some of the benefits include:<\/span><\/span><\/p>\n<ul>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">High-tech data centers \u2013 these come with the added benefit of IT support, should something go wrong<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">No need to implement a new IT infrastructure<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Cheaper than building your own data center<\/span><\/span><\/li>\n<li><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Risk assessments<\/span><\/span><\/li>\n<\/ul>\n<h2><span style=\"color: #0066ff; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\"><strong>5. Risk Assessments<\/strong><\/span><\/span><\/h2>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">It\u2019s not enough to say that you are HIPAA compliant; you have to prove it. Be sure to document your activities to show that you are not neglecting your HIPAA compliance. 
Documentation is key: it not only offers proof that you are following HIPAA guidelines, but also gives you and your staff a reference point if something unusual happens. Furthermore, if you clearly document the location of all of your data, it becomes far easier to locate and access that data when it\u2019s required down the line.<\/span><\/span><\/p>\n<h2><span style=\"color: #0066ff; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\"><strong>6. Put a Plan in Place<\/strong><\/span><\/span><\/h2>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">Establishing some kind of system for following up on reports, renewing staff training, reviewing documentation and everything else that is required of a HIPAA compliant business is essential if you wish to avoid headaches in the future. By returning to and reviewing the systems which you put in place, over time you will find not only problems which must be fixed, but also ways in which your system can be improved and made more efficient.<\/span><\/span><\/p>\n<p><span style=\"font-family: verdana,geneva;\"><iframe loading=\"lazy\" src=\"\/\/embed.gettyimages.com\/embed\/157312303?et=9duHCSYhFkiVb-RpJEwzLQ&amp;sig=_rA6MvCoddGWg_si3rP4KBJJlaWIs7Vw9AZDClFT8wE=\" width=\"225\" height=\"376\" frameborder=\"0\" scrolling=\"no\" align=\"left\"><\/iframe><\/span><\/p>\n<h2><span style=\"color: #0066ff; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\"><strong>7. Train Your Staff Well<\/strong><\/span><\/span><\/h2>\n<p><span style=\"font-size: 16px; font-family: verdana,geneva;\"><span style=\"color: #666666;\">While all HIPAA information is available on the U.S. 
Department of <\/span><a href=\"http:\/\/www.hhs.gov\/ocr\/privacy\/\" rel=\"nofollow\" target=\"_blank\"><span style=\"color: #666666;\">Health &amp; Human Services<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"color: #666666;\"> website, there are also many <\/span><a href=\"https:\/\/www.securitymetrics.com\/sm\/pub\/hipaatraining\/overview\" rel=\"nofollow\" target=\"_blank\"><span style=\"color: #666666;\">qualified companies<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"color: #666666;\"> who will take your staff through the HIPAA requirements, ensuring that no essential information falls through the cracks. You\u2019re only as strong as your weakest link, so ensure that all of your staff are absolutely clear on the requirements for PHI protection.<\/span><\/span><\/p>\n<p><span style=\"color: #666666; font-family: verdana,geneva;\"><span style=\"font-size: 16px;\">This list is by no means the be-all and end-all of HIPAA compliance, but if you keep referring back to this checklist on your path to compliance, you should be well on your way to completion. The most important thing to remember, however, is that HIPAA is constantly being updated, and therefore so must your business be. HIPAA compliance is not a one-time process, but one that you should return to regularly and update as necessary, for the good of both your business and your clients.<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>HIPAA sets the standards for the protection of PHI (Private Health Information) and ePHI belonging to those people who receive medical care from your business. 
So, if you are: A covered healthcare provider like a hospital or individual medical practitioner A business associate of these providers (including the private sector or 3rd party administrator) A [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5,10,9],"tags":[],"class_list":["post-1643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-how-to","category-power-admin","category-technical"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=1643"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1643\/revisions"}],"predecessor-version":[{"id":3531,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1643\/revisions\/3531"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/1672"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=1643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=1643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=1643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}