fbpx
07
Jun
2013

HIPAA Fundamentals

By HIPAA Vault

Define HIPAA

But let’s back up for a minute and define what is a HIPAA. Let’s first define what HIPAA is. HIPAA is legislature that was proposed by Senators Kennedy and Kassebaum and signed into law by President Clinton in 1996.

Title II, a standard of electronic health care transactions

This section defines a national standard by which companies that are transaction in Protected Health Information must follow.

Protected Health Information or PHI

What is PHI data. It is data that contains personal medical information. For example a record of Fred Smith’s blood pressure is PHI, but medical data about an anonymous person with no way to identify who the data belongs to, is not HIPAA.

How is it protected

By Safeguards

Physical

How is the data protected physically. It must be protected by security measures that will ensure the safekeeping of the data

Administrative

training staff on how to handle PHI, backup procedures and even disaster recovery

Technical

Protect from unauthorized access

Encrypting the data at rest in in transit.

Practical – Who cares

Really, what can happen. There are fines imposed for data that is stolen. The technical term is “unauthorized access” to the PHI data. One facility in Florida was fined $50,000 for a laptop that was left in an employees trunk and it was stolen. The data was then accessible. There were only about 500 patients information. Imagine, the cot if it is a large database that is accessed.

Educate yourself

First educate yourself. Being self-didactic is a good thing. Ask questions, google it. I like the HIPAA Survival Guide website. I recommend you spend a couple of hours reading it. Sign up for the clear water compliance newsletter.
If you are a larger company with a budget, then you can hire a security compliance company like 3 pillars out of WI. Keep in mind that most the security consulting companies are just that – consulting. They don’t actually do the security, but they do check to make sure that you have the correct safeguards in place. They can do an audit to find out where you are falling short.

 

Our certifications