HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) was created by the US Congress in 1996. This act covers a lot of information, including the protection, security and privacy of patient data (Wikipedia Definition). If you are a doctor or the office manager of a medical practice (doctor, dentist, chiropractor, etc.), you have certain obligations that you are required to meet. While most of the software that can be purchased or obtained to manage your office and records may include HIPAA-related features, such as passwords to open the programs, you still need to protect your computers, servers and files.
Sometimes being HIPAA compliant means keeping your patient records behind a locked door, in a filing cabinet, or in a closed binder if you are in a hurry. As long as the files are not readily available to the general public, you can be considered in compliance with the law, but when you have a computer system in place, you may not be thinking about all the ways that this information can be retrieved. The only sure way to make your computer inaccessible to anyone who is not authorized would be to keep it in a locked room with no connection to the Internet or a phone line. While this is not really feasible in this day and age, we can assist in securing and protecting your client files no matter where they are located or how they are accessed.
We specialize in HIPAA compliance outside of your normal business operation software. What this means is that your medical records and/or billing software should already have HIPAA compliance built into it, whereas we assist in protecting the entire computer system that the files reside on, the network that your computers are connected to, and any mobile computing devices that may have access to your system, such as doctors' laptops. This security protection comes in various forms, including data encryption using military grade software.
If your office has more than one computer, and especially if you are able to access your patient data from more than one computer, then you are running a network. According to HIPAA regulations, you are required to ensure that the data on this network is protected. If your network is not connected to the Internet (no DSL, phone modem, cable modem, etc.), and each computer is connected to the network using Ethernet cable, then it is considered reasonably safe and within the basics of HIPAA requirements. If your network contains a wireless connection to any of its computers, or simply has a wireless connection available for future use that is currently active, you must secure your data transmission using the encrypted security option of that wireless router. A further option, beyond encrypting the wireless signal itself, is to encrypt all the data moving across the network using basic encryption software.
Now, if your office network has an outside connection, that is, it is connected to the Internet, there are additional safeguards that you will need to consider. You need to ensure that your inbound connection, the point where the Internet comes into your modem, is protected and hidden. This helps to prevent outside intrusion into your network and access to your data. This is usually accomplished through the use of a firewall, either hardware or software based. We will work with your current system and configure it to be hidden from the public world and to attempt to prevent access by any unauthorized individuals. We work hard every day to protect your network and computers, striving to keep them free from problems and working correctly.
Another area of concern is your computer data backup. If you are only backing up to a local computer or drive, your information may already be protected using the options you currently have or that we can put into operation. The only problem is: what happens if that backup data is lost? It is recommended that your office also use an online, offsite backup solution. Our priority backup solution is a great option and it is HIPAA compliant. For less than $50 a year (depending on your plan), you can protect your data from a disaster at your place of business. For more information, read our ‘Why Have An Offsite Backup Solution?’ page.
On a final note regarding HIPAA compliance, if you are using computers to maintain your patient files and information, you cannot simply remove your old computer when you decide to upgrade and do anything you want with it. You must wipe the system clean to ensure that no information contained on the computer remains intact. We specialize in wiping data from computers. We use programs that meet and/or exceed the requirements of the Department of Defense (DoD) for data deletion. When we finish wiping a computer system clean, it will meet the requirements of HIPAA for data removal and then some. Once your system is, what we call, sanitized, you may do what you wish with the computer, but please be aware that it is against the law to throw a computer system in the trash. If you are not sure what to do with your old computer systems, please read our Computer Recycling information page.