HIPAA compliance is a necessary part of operating in the healthcare field. While you might fulfill other requirements to stay in compliance, your IT system may not make the grade. Here are a few areas to pay close attention to when you’re evaluating your infrastructure.
Start with the policies and procedures that govern your healthcare company’s IT practices. Your organization needs to understand the importance of protecting patient health information, the level-appropriate ways to do so, and what it needs to do to adhere to HIPAA guidelines.
You should have a thorough understanding of the risks facing your healthcare organization and a strategy for managing them. If breaches occur, then a complete action plan leads you through the process of discovering what went wrong and how to fix it.
Administrative measures should define the consequences for unauthorized access by employees, which employees should have access to this information to begin with, and who is responsible for keeping the electronic records secure.
Training is also essential to maintaining HIPAA compliance. Users may not realize that they’re behaving in a way that compromises patient data and other sensitive information. A comprehensive security training program covers what each staff member needs to know so they can do their part.
Another important administrative measure is a disaster recovery plan. Your patient information is at risk in these unexpected situations, so you need a concrete plan that covers how you protect your data, the restoration method, preventative measures to stop attacks of opportunity, and other security strategies.
Physical Data Security
Some organizations may spend a lot of time focusing on software methods for protecting their data, but forget about the physical security. For HIPAA compliance, you need to cover both.
Some areas to address for your physical data security include:
- Server rooms: Who can get in and out of the rooms with equipment that physically stores electronic health records? Is there a security system in place that prevents people from entering and exiting the room without authorization?
- Emergency plans: What happens to the hardware in the event of an emergency, such as a natural disaster?
- Workstations: Where are your workstations located, and how do you prevent unauthorized users from logging into the accounts?
- Data access tracking: Are you tracking who accesses and changes patient information? Start creating a paper trail.
- Disposal process: The hard drives that you store patient records on can’t simply be thrown in the trash. You need a way to ensure that no data can be recovered after you throw them away.
User Access Control
Healthcare organizations weather frequent attacks by cybercriminals due to a combination of poor IT security measures and valuable data. Ransomware, an attack that locks you out of your computer systems until you pay the ransom, is prevalent due to the life-and-death nature of the patient information you handle.
One reason why ransomware wreaks such havoc is that users have access to more system functionality than they should. A receptionist entering patient information into your EHR system doesn’t need an account that can install programs on it.
User access control limits the system privileges of all users to maintain security. You also stay on top of active and inactive accounts, as well as those owned by external businesses. Hackers often look for low-hanging fruit in their attempts, and getting administrative access to a system through a front-line employee or external partner is an easy way to compromise your system.
Strong password policies, with frequently changing, complex passwords, can also limit brute-force attacks that try to figure out login information in your organization.
Your healthcare business relies on its IT infrastructure for many business processes. Make sure that it meets HIPAA standards to avoid fines and ensure that your patients don’t have to worry about their data being mishandled.