
July 03, 2007

Are You Meeting Your HIPAA Compliance Obligations?

I recently returned from SIIM 2007 in Providence, Rhode Island - among the year’s most prominent technology events in healthcare. One of the biggest takeaways was that clearly, HIPAA compliance is of critical concern for healthcare providers, so I wanted to take a moment and add my two cents on this important and multifaceted subject.

The HIPAA Act of 1996 affects virtually all healthcare providers, health and life insurers, public health authorities, healthcare clearinghouses, and self-insured employees, just to name a few. It calls for severe civil and criminal penalties for noncompliance.

If your organization falls into any of the above categories, it’s vital that you familiarize yourself with this subject and make certain that you comply with HIPAA regulations.

HIPAA compliance calls for:

• Standardization of electronic patient information.
• Unique health identifiers for individuals, employers, health plans and healthcare providers.
• Security standards protecting the confidentiality and integrity of ‘individually identifiable health information’, past, present and future.

When implementing a HIPAA-compliant data storage system, be sure it addresses the following:

• A means to restrict access to electronic protected health information to authorized personnel only.
• A mechanism to encrypt and decrypt data.
• Audit control mechanisms that record and examine activity.
• Policies/procedures that will protect your data from improper alteration or destruction.
• The ability to substantiate whether a file has been tampered with, so the authenticity of information can be confirmed.

If you’re looking for a good data archiving solution to help you achieve HIPAA compliance, be sure to check out Nexsan’s Assureon.