Technology has provided multiple layers of convenience to our professional and personal lives. It has changed the ways we can interact with people and with information. However, those conveniences do not go unchallenged. As a health information management professional, HIPAA is a key component to your modus operandi. You are tasked with ensuring “those on the privacy and the security sides are able to work together.” You also undoubtedly face HIPAA and cybersecurity concerns.
From protecting patient data and healthcare organizations to evolving safeguards that ensure HIPAA compliance, you play a crucial role in the ever-changing world of healthcare. Let’s take a look at how you can fight cybersecurity challenges.
Putting safeguards in place
The HIPAA Security Rule and Privacy Rule highlight that “trust in electronic health information exchange can only be achieved if reasonable administrative, technical, and physical safeguards are in place.” Let’s break down each one:
Administrative safeguards
These safeguards focus on employee training. With these in place, your team should be thoroughly and properly trained on security measures and how to execute them.
One of the most common HIPAA violations is when health care organizations do not ensure all parties with access to patient data have proper training.
Technical safeguards
These safeguards focus on protecting against cyber attacks. With these in place, your team should have the most up-to-date protections in place such as firewalls, servers, data encryption, etc. These also include access, audit, and integrity controls.
After failing to recognize the risk of a new server with a file sharing application and making ePHI accessible online, St. Joseph Health was ordered to pay a settlement of over $2.1M. This lack in technical integrity caused over 31,000 patients’ data to be disclosed.
Physical safeguards
These safeguards offer physical security in covered entities and business offices where healthcare data are stored or maintained. This security includes limiting physical access to authorized team members. It also includes implementing “policies and procedures to specify proper use of and access to workstations and electronic media.”
HIPAA FAQs
It’s a familiar topic in the healthcare sphere, but questions on HIPAA, its reach, who it impacts, and ways in which it regulates still often need clarification. Let’s take a look at 4 frequently asked questions about the law and cybersecurity concerns:
FAQ #1:
Does the HIPAA Privacy Rule allow providers to use e-mail to discuss health issues and treatment with patients?
According to the Department of Health and Human Services, yes. If covered healthcare providers apply “reasonable safeguards,” they can use digital tools such as email to discuss patients’ health issues. However, providers should consider “limiting the amount or type of information disclosed.” They may also consider altering patients to the risks of using unencrypted email.
FAQ #2:
What are common examples of internal data breaches?
Your organization may face challenges such as:
- portable devices or desktop computers going missing
- paper medical records getting lost in transit before or after being electronically scanned
- employees accessing data they are not authorized to view and discussing it with colleagues, family, friends, etc.
- healthcare assets being attacked by malware or ransomware
- human error/data mishandling
FAQ #3:
Do the standards of the Security Rule require use of specific technologies?
According to the Department of Health and Human Services, no. The standards set forth in this rule allow for ever-evolving technologies. Compliance requires the ability to implement the latest in digital tools and technologies.
FAQ #4:
How does the Privacy Rule impact an individual’s right to access her protected health information (PHI)?
The right to access one’s health data is central to the Privacy Rule. It creates “an enforceable means” for patients to review and receive copies of their PHI. It’s important to remember that:
- covered entities may require patients to request access in writing (this includes digital communication)
- covered entities should respond in a timely manner – typically within 30 days of request receipt
- personal representatives of the individual are granted the same right of access as the patient
- reasonable policies and procedures should be implemented to verify the individual’s identity
- access to PHI must be provided in the format requested by the individual if available
- alternative access formats to PHI must be agreed upon by the covered entity and the individual
Quick tips to protect yourself and your organization
Having a strong hold on cybersecurity provides you, patients, their loved ones, your colleagues, and your organization with peace of mind. Threats to that peace of mind can cost your organization money, time, effort, and patient trust. Put these tips to work in your organization today:
- Change your passwords often. Avoid using the same one for everything.
- Include a multi-layered security approach to your cyber protection plan. This may give your team time to identify and stop an attack.
- Limit physical access. This includes securing rooms and devices.
- Make sure all team members are properly trained on HIPAA regulations.
- Establish a plan for frequent and ongoing HIPAA training.
- Maintain strict access control. This may mean using an access control list or role-based access control depending on your organization’s size and needs.
- Maintain and manage your technologies. This includes software and operating systems.
- Use a firewall and maintain anti-virus software.
Share this video with your HIM team:
We’re here to empower you
Harmony Healthcare’s Health Information Management solutions support your organization with interim expertise that is critical for both daily operations and long-term goals.
Discover how our solutions can help your organization:
- provide strategic direction to optimize revenue and contain costs
- formulate value-based initiatives to identify trends, cost drivers, and care gaps
- identify opportunities to enhance hospital revenue streams
- improve financial performance of managed care agreements
See how the right service partner can provide a better solution for your staffing needs here.
Subscribe to our monthly newsletter here.
Join our Facebook community here and our LinkedIn community here.