In the second part of this series we will focus on what you should be doing to protect yourself. When you break down the main guidelines of HIPAA security rule it falls into three main components: administrative, physical, and technical. All three of these are designed to make sure practices are doing everything within their power to protect patient data. With Fuse being a managed service provider we will focus on the technical portion of the rule.
There are various things your business should be doing to prepare yourself for HIPAA. First, find a consultant who is knowledgeable on all three parts of the security rule (Physical, Administrative, and Technical). Obviously Fuse handles the technical portion but it’s a good practice to have a consultant to oversee all three portions. Another good precaution is to check with your insurance provider and see if they offer policies that could protect you from a HIPAA fines.
The Low hanging fruit of HIPAA Technical Security:
- Individual user names and passwords for all systems
- Password complexity requirements
- All mobile devices should be encrypted and contain pass codes
- All transmissions of patient data over the internet should be encrypted
- Any web technologies used should be done over SSL
Obviously there are many more items to be examined or implemented. With the constant evolution of both HIPAA and technology, Fuse is constantly doing internal training of our staff to stay abreast on the best technical practices as they apply to HIPAA. Fuse also utilizes various consultants within our industry to further our expertise on, not only the technical side of HIPAA, but the various legalities associated with HIPAA and the items we can implement to further protect our clients from liability.
Fuse has put many tireless hours into the creation of our technical HIPAA audit. Our thorough audit examines every piece of your technology and to identify possible HIPAA weaknesses. From that audit we create a plan of action on how to remedy the issues we find. We implement the technology to lock down your environment, as well as analyze how those items can affect your business practices and create a cohesive plan to implement the technology and security safeguards without causing huge disruption in your process and procedure.