Complying With HIPAA

HIPAA (Health Insurance Portability and Accountability Act) compliance is a critical yet often misunderstood area. There are technical issues to resolve, such as securing email and deciding how and where data is stored; administrative policies to set; consistent training of employees on the care of PHI; and consistent monitoring of PHI/ePHI data as it changes hands and/or goes mobile.

A more recent example of a security breach can be viewed here: “HealthLeadersMedica.com”

Some best practices to consider and enforce regularly are:

  1. Policies should require that all mobile storage devices be secured
  2. Encrypt all mobile devices including laptops
  3. Educate employees on how to protect privacy
  4. Sanction employees who violate policies
  5. Implement technologies that find transfers of medical data (especially in an unencrypted form). This should include both transfers across the network and via physical devices such as USB thumb drives, iPods, etc.
  6. Have your business associates and/or vendors sign the appropriate agreements.

Not All Safeguards Are Technical

It is very important to understand that implementing and enforcing formal policies and procedures needs to be ingrained into the business philosophy. Having a clear idea of how the data center plans to secure PHI (protected health information) and ePHI (electronic protected health information), and of how consistent training will be carried out, is an overall win for protecting your clients and your organization’s reputation.

At JND Consulting Group LLC, we keep our employees up to date on the latest HIPAA/HITECH and compliance guidelines. It is our philosophy to make sure that all of our clients’ and associates’ data and information, at any level and of any type, are kept secure.

Additional information can be found at HIPPA.org

Contact us today for more information

Joe Ramos

President

Joe_Ramos@JNDConsultingGroup.com

561-705-2905