How to Comply with HIPAA Regulations – 10 Steps

There is a tremendous amount of data in the world of healthcare. That data includes personal healthcare information (PHI), which is regulated by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA’s initial purpose was to allow patients to carry health insurance from one employer to another; however, it soon morphed into a way to streamline and protect medical records.

HIPAA is meant to safeguard PHI as it relates to the privacy. This means any PHI that must be treated differently than other forms of data. Most PHI information is now digital, as more healthcare providers use electronic medical records (EMR), and how healthcare uses the data and how it’s transferred are vital parts of HIPAA compliance. It also mandates that any breaches of such data be reported. HIPAA compliance of digital data means that anyone who touches the data must not expose it, and that it should have technical, physical and administrative safeguards.

From secure messaging apps used by clinicians to the storage of EMR data, healthcare organizations have many platforms and channels through which PHI flows. Because of this flow, there are multiple steps required to meet compliance regulations. HIPAA isn’t something that anyone can ignore, either, because findings of non-compliance often result in steep fines. Let’s look at how you can comply with HIPAA in 10 steps.

Step One: Privacy Policy

Before jumping into the technical aspects of HIPAA compliance, an organization must have a privacy policy. This policy has to be established and implemented, and this implementation includes all privacy and security policies. Policies must also be documented and note what steps should be taken in the case of breach event.

Step Two: Privacy Officers

Someone must be accountable for the adoption of security policies. This may include a privacy and security officer, although it can (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Beth Osborne. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/TVrC03U4mxA/