But let’s back up for a minute and define what HIPAA is. HIPAA is legislation that was proposed by Senators Kennedy and Kassebaum and signed into law by President Clinton in 1996.
Title II, a standard of electronic health care transactions
This section defines a national standard that companies transacting in Protected Health Information must follow.
Protected Health Information or PHI
What is PHI data? It is data that contains personal medical information. For example, a record of Fred Smith’s blood pressure is PHI, but medical data about an anonymous person, with no way to identify who the data belongs to, is not PHI under HIPAA.
How is it protected
How is the data protected physically? It must be protected by security measures that ensure the safekeeping of the data:
training staff on how to handle PHI, backup procedures and even disaster recovery.
Protect from unauthorized access
Encrypting the data at rest and in transit.
Practical – Who cares
Really, what can happen? There are fines imposed for data that is stolen. The technical term is “unauthorized access” to the PHI data. One facility in Florida was fined $50,000 for a laptop that was left in an employee’s trunk and stolen. The data was then accessible. It held only about 500 patients’ information. Imagine the cost if it is a large database that is accessed.
First, educate yourself. Being self-taught is a good thing. Ask questions, google it. I like the HIPAA Survival Guide website. I recommend you spend a couple of hours reading it. Sign up for the Clearwater Compliance newsletter.
If you are a larger company with a budget, then you can hire a security compliance company like 3 pillars out of WI. Keep in mind that most of the security consulting companies are just that – consulting. They don’t actually do the security, but they do check to make sure that you have the correct safeguards in place. They can do an audit to find out where you are falling short.