Last year, the US Department of Health and Human Services (HHS) reported that there were more than 600 data breaches of patient healthcare records. More than 40,000 records were exposed or stolen.
Healthcare providers must comply with federal laws that help protect a patient’s personal records. If you’re responsible for safeguarding patient medical data, check out this HIPAA compliance checklist to make sure you’re on the right track.
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. This is a group of federal laws that control how a patient’s healthcare information is stored or used. HIPAA also applies to transferring this data as well as the destruction of medical records.
What Does Protected Health Information Mean?
HIPAA applies to a concept of patient records called protected health information (PHI). This is the data that can personally identify clients or patients. Examples of a patient’s PHI include their home address, phone number, or Social Security number.
When a patient’s PHI is sent or viewed digitally, this information is called electronically protected health information or ePHI. HIPAA protections apply not only to healthcare providers who view patient data but to the patient’s right to access their own records under the HIPAA Privacy Rule.
HIPAA Compliance Checklist
Consider the following HIPAA compliance checklist to help you protect your patient’s ePHI in the administrative, technical and physical aspects of your practice. As you proceed, you just might find even more promising practices on how to boost HIPAA compliance.
Implement Administrative Protocols
Administrative protocols address procedures for medical staff to process, review or transmit ePHI. Administrative safeguards include keeping logs of any privileged user actions to review records.
Administrative protocols can also apply to noting security-related events. These events include connection or system failures, as well as access rights changes.
Manage Technical Safeguards
Technical safeguards can help control and protect access to patient data. These safeguards can range from protocols for data encryption to the destruction of medical data.
Make sure your patient billing and personal data are kept on encrypted databases. Any deleted documents or images that you previously had uploaded should be securely erased.
Software programs such as Certus can safely erase redundant or obsolete data from many types of electronics and hardware.
Develop Physical Safeguards
Physical safeguards include protecting access to physical office locations as well as equipment that stores or transmits ePHI. Make sure your office desktop computers limit ePHI access to authorized users only.
This equipment should also upload malware protection and update it regularly. Position computer monitors throughout your office reception area so that an unauthorized person can’t read what’s on them.
If your team uses mobile devices (laptops, tablets, smartphones), ask them not to store ePHI on these devices.
What Are Your Next Steps?
If you’re ready to secure HIPAA compliance for your medical practice, you should start right now. Use this HIPAA compliance checklist to jumpstart your efforts.
You can also find more helpful advice on how to be HIPAA compliant on our website. We’re here to help you take care of your number one priority – your patients.
