The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires employers to protect employee medical records as confidential. HIPAA includes regulations that cover how employers must protect employees’ medical privacy rights and the privacy of their protected health information (PHI).
Any healthcare provider that electronically stores, processes or transmits medical records, medical claims, remittances, or certifications must comply with HIPAA regulations.
The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.
Examples of PHI:
Under the US Health Insurance Portability and Accountability Act (HIPAA), health information that is linked to any of the 18 “identifiers” must be treated with special care. Common examples include:
• Health information that identifies an individual
• Geographic data (postal addresses)
• All elements of dates directly related to an individual
• Social Security numbers
• Medical record numbers
• Health plan beneficiary numbers
• Device identifiers and serial numbers
• Names of relatives
• Web Uniform Resource Locators (URLs)
• Internet Protocol (IP) addresses
• Biometric identifiers (e.g. retinal scans, fingerprints, voice prints)
• Full face photos and comparable images
• Any unique identifying number, characteristic or code
Questions and considerations to help you determine whether your IT infrastructure is HIPAA compliant:
What operating systems do you use at the office?
How do users log on to their computers?
What antivirus program do you use?
How often do you run patches/updates?
What do you use for email?
Do you ever send PHI by email, or do you want to do so in the future?
Do you have Wi-Fi?
Do you carry PHI offsite on any type of media, from laptops to USB drives?
Do you have servers, and if so, what are they used for?
Do you have a website? If so, is there any type of patient interaction with the website?
What kind of backup solution do you use, if any?
Upon review of these questions and considerations, if your answer to any of them is either “no” or “not sure”, there is a substantial chance that your infrastructure is not in compliance with HIPAA law.
TechForce HIPAA IT Infrastructure Services:
Free assessment of IT Infrastructure
Report of findings and identification of known exposure points
Compliance consultation identifying TechForce Technology’s technical approach to assist you with IT Infrastructure compliance
Determination of next steps towards IT Infrastructure HIPAA compliance