HIPAA Can Be Significantly Easier to Deal With if You Have M5 Systems Giving You a Hand
Officially known as the Health Insurance Portability and Accountability Act, HIPAA sets the standards for protecting sensitive information.
HIPAA requires adherence to four main rules:
- HIPAA Privacy Rule: outlines limitations of PHI disclosure
- HIPAA Security Rule: outlines physical, technological and administrative safeguards that must be in place
- HIPAA Enforcement Rule: outlines procedures for investigations and penalties for violations
- HIPAA Breach Notification Rule: outlines who must be notified of breaches, and when
While we’d be happy to chat about any of the rules, the HIPAA Security Rule is where most companies seek our help. The HIPAA Security Rule goes far beyond simply making sure you have hard-to-crack passwords for authorized users. It goes into great detail on the specific precautionary measures you need to protect PHI on multiple levels.
A number of technical safeguards are part of the mix, including:
- Ensuring only authorized access to electronic PHI (ePHI)
- Access control with unique user IDs, emergency access procedures and automatic log off
- Encryption and decryption of info
- Tracking logs or audit reports to record activity on hardware and software
- Technical policies that cover integrity controls
- IT disaster recovery and offsite backup to ensure rapid remediation and accurate, intact recovery of ePHI
- Transmission security to protect against unauthorized public access of ePHI over email, the internet, a private cloud or network