HIPAA (Healthcare) Compliance
HIPAA requires health care entities to protect the privacy and security of individually identifiable health information. In addition, a 2003 update also requires compliance from business associates. The impact of HIPAA is enormous, adding significant regulations to many organizations.
The regulations go far beyond typical IT security configuration scenarios. In the health care industry, additional security measures protect patient records. Terminal can work with your organization to ensure compliance.
Terminal's HIPAA Services
Our HIPAA services are offered with a comprehensive approach; in one instance, Terminal identified a security camera at a site that pointed to a monitor displaying sensitive data, and noted that either the monitor or camera had to be moved.
Terminal uses the RapidFire Toolkit to assist with the collection and reporting of information.
The process involves:
- An initial audit that includes an interview and on-site survey reviewing the physical environment.
- An automated scan of every network PC with a noninvasive Network Detective program.
- Worksheets to collect additional user and computer information.
- An exception report, listing identified issues and vulnerabilities.
- Completed HIPAA compliance reports and documents.
Please contact us to begin a compliance audit for your organization. Some additional details about the requirements are listed below to help you get started.
Who must comply with HIPAA rules?
- Doctors, psychologists, dentists, chiropractors, nursing homes, pharmacies, and other health care clinics that transmit electronic data for certain types of transactions defined in the law.
- Health plan insurance companies and administrators, including government programs
- Health care data clearinghouses
- Other business associates who help any of the above carry out health care functions
What information is protected?
- Individually identifiable health information, including demographic data, relating to:
  - Health conditions
  - Care services
  - Medical payments
What safeguards must be implemented?
The following is a sample list of some administrative, physical, and technical safeguards that must be implemented:
- Conduct a risk analysis and regularly review audit reports and system access logs
- Limit electronic access to data by job function
- Implement security awareness training
- Establish data backup and disaster recovery plans
- Limit physical access to electronic information systems
- Ensure encryption of protected data
- Implement software access controls