Are you HIPAA-compliant? 4 Things to look into

Health Insurance Portability and Accountability Act (HIPAA) regulations pertaining to IT have become much clearer over the past few years, but there are still a few areas in which your office might not be compliant. This isn’t necessarily because of negligence on your part, but rather a lack of understanding of the requirements. Let’s look at four things about HIPAA and your IT that you should know about.

1. Whether it is on-premises, in the cloud, or both, data storage must be HIPAA-compliant

Electronic protected health information (ePHI) and any sensitive documents like billing records, appointment information, and test results must be stored in HIPAA-compliant devices and servers. More specifically, your devices and services should have multiple layers of security, including endpoint protection software, encryption systems, and strict access controls.

Healthcare providers tend to prefer building their own data centers, since on-premises data storage can be accessed without internet connectivity. However, on-premises storage space may be limited, so cloud storage is a viable alternative, especially for less sensitive ePHI. When choosing cloud-based storage for your EHRs, make sure that both you and your service provider meet HIPAA requirements.

2. Data must be secured while providing telehealth and mHealth services

If your practice has invested in or is thinking about investing in telehealth or mobile health (mHealth), then you need to make sure that the tech you utilize is HIPAA-compliant. While most telehealth technologies are HIPAA-approved, one or two additional measures may be required for complete compliance. For example, you may need to utilize encryption in transit to prevent man-in-the-middle attacks during virtual consultations. An IT specialist should have no problem making sure your telehealth solution is up to code.

On the other hand, mHealth may be a little more problematic, as it is a new and constantly changing field. Your best bet is to consult with an expert to make sure that you’re following all the necessary regulations when providing mHealth services.

3. Healthcare business associates must also be HIPAA-compliant

Conforming to HIPAA regulations is not just limited to medical practices, healthcare clearinghouses, and health plan organizations. Any business that has access, electronic or otherwise, to PHI is also required by law to be HIPAA-compliant. This includes any accounting or law firms you work with that may already be accessing your files electronically to carry out work.

To avoid any potential trouble for your practice or its partners, it is best to ask them if they are HIPAA-compliant before partnering with them. If they aren’t, do not grant them data access privileges.

4. Your protected health information (PHI) notice must be available online

If your practice has a website, HIPAA rules dictate that your website must contain a copy of your updated PHI notice for patients to access. This notice informs patients of their rights with regard to their health information. If this information is not currently posted on your website, rectify this as soon as possible to avoid any problems.

Still not sure if you’re 100% HIPAA-compliant? Our team of experts can run the necessary risk analysis and identify areas of your technology that may not be in line with current regulations. Just give us a call today.

Published with permission from TechAdvisory.org. Source.

4 Facts about HIPAA and your IT

Health Insurance Portability and Accountability Act (HIPAA) regulations pertaining to IT have become much clearer over the course of the past few years, but there are still a few areas in which your office might not be compliant. This isn’t necessarily because of negligence on your part, but rather a lack of understanding of the requirements. Let’s look at four concerns your practice should know about HIPAA and your IT.

Telehealth and mHealth are not always compliant

If your practice has invested in or is thinking about investing in telehealth or mobile health (mHealth), then you need to make sure that the tech you utilize is HIPAA-compliant. While most telehealth technology is HIPAA-approved, one or two additional measures may be required to make it compliant. An IT specialist should have no problem making sure your telehealth is up to code.

On the other hand, mHealth may be a little more problematic. While a lot of hardware and apps, including Fitbit and Apple Watch, are HIPAA-compliant, mHealth is a field that is still very new and constantly changing. Your best bet is to consult with an expert to make sure your mHealth services are following all the necessary regulations.

All information needs to be HIPAA-compliant

Electronic health records (EHRs) and any sensitive documents like billing records, appointment information, and test results must be stored in HIPAA-compliant devices and servers. More specifically, your devices and services should have multiple layers of security, including endpoint protection software, encryption systems, and strict access controls.

A lot of medical practices that use cloud-based storage for their EHRs overlook this fact and opt for low-cost platforms that don’t meet certain minimums. While it’s good to have your EHRs ready to go on the cloud, make sure that your non-EHR data is protected as well. If it isn’t, you could be facing a fine.

Your protected health information (PHI) notice must be available online

If your practice has a website, HIPAA’s rules dictate that your website must contain a copy of your updated PHI notice for patients to access. If this information is not currently posted on your website, rectify this as soon as possible to avoid any problems.

Healthcare business associates must also be HIPAA-compliant

Conformity to HIPAA regulations is not just limited to medical practices, healthcare clearinghouses, and health plan organizations. Any business that has access, electronic or otherwise, to PHI is also required by law to be HIPAA-compliant. This includes any accounting or law firms you work with that may already be accessing your files electronically to carry out work.

To avoid any potential trouble for your practice or its partners, it is best to ask them if they are HIPAA-compliant before partnering with them. If they aren’t, revoke all data access privileges, and make sure they take action to correct this issue immediately.

Still not sure if you’re 100% HIPAA-compliant? Our team of experts can run the necessary risk analysis and correct issues with your technology that may not be in line with current regulations. Just give us a call today.

Published with permission from TechAdvisory.org. Source.
