
HIPAA & Cybersecurity: What HIM Professionals Must Know

Technology has provided multiple layers of convenience to our professional and personal lives. It has changed the ways we can interact with people and with information. However, those conveniences do not go unchallenged. As a health information management professional, you rely on HIPAA as a key component of your modus operandi. You are tasked with ensuring “those on the privacy and the security sides are able to work together.” You also undoubtedly face HIPAA and cybersecurity concerns.

From protecting patient data and healthcare organizations to evolving safeguards that ensure HIPAA compliance, you play a crucial role in the ever-changing world of healthcare. Let’s take a look at how you can fight cybersecurity challenges.

Putting safeguards in place

The HIPAA Security Rule and Privacy Rule highlight that “trust in electronic health information exchange can only be achieved if reasonable administrative, technical, and physical safeguards are in place.” Let’s break down each one:

Administrative safeguards

These safeguards focus on employee training. With these in place, your team should be thoroughly and properly trained on security measures and how to execute them.

One of the most common HIPAA violations is when health care organizations do not ensure all parties with access to patient data have proper training.

Technical safeguards

These safeguards focus on protecting against cyber attacks. With these in place, your team should have the most up-to-date protections, such as firewalls, servers, data encryption, etc. These also include access, audit, and integrity controls.

After failing to recognize the risk of a new server with a file-sharing application and making ePHI accessible online, St. Joseph Health was ordered to pay a settlement of over $2.1M. This lack of technical integrity caused over 31,000 patients’ data to be disclosed.

Physical safeguards

These safeguards offer physical security in covered entities and business offices where healthcare data are stored or maintained. This security includes limiting physical access to authorized team members. It also includes implementing “policies and procedures to specify proper use of and access to workstations and electronic media.”

HIPAA FAQs

It’s a familiar topic in the healthcare sphere, but questions on HIPAA, its reach, who it impacts, and ways in which it regulates still often need clarification. Let’s take a look at 4 frequently asked questions about the law and cybersecurity concerns:

FAQ #1:

Does the HIPAA Privacy Rule allow providers to use e-mail to discuss health issues and treatment with patients?

According to the Department of Health and Human Services, yes. If covered healthcare providers apply “reasonable safeguards,” they can use digital tools such as email to discuss patients’ health issues. However, providers should consider “limiting the amount or type of information disclosed.” They may also consider alerting patients to the risks of using unencrypted email.

FAQ #2:

What are common examples of internal data breaches? 

Your organization may face challenges such as:

FAQ #3:

Do the standards of the Security Rule require use of specific technologies?

According to the Department of Health and Human Services, no. The standards set forth in this rule allow for ever-evolving technologies. Compliance requires the ability to implement the latest in digital tools and technologies.

FAQ #4:

How does the Privacy Rule impact an individual’s right to access her protected health information (PHI)? 

The right to access one’s health data is central to the Privacy Rule. It creates “an enforceable means” for patients to review and receive copies of their PHI. It’s important to remember that:

Quick tips to protect yourself and your organization

Having a strong hold on cybersecurity provides you, patients, their loved ones, your colleagues, and your organization with peace of mind. Threats to that peace of mind can cost your organization money, time, effort, and patient trust. Put these tips to work in your organization today:

We’re here to empower you

Harmony Healthcare’s Health Information Management solutions support your organization with interim expertise that is critical for both daily operations and long-term goals.
