Understanding Data Security Requirements With HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to take more stringent measures to protect patient confidentiality. All healthcare providers need to be aware of the requirements and make sure that sensitive data is properly protected. Here are some things that you will need to be aware of.

Data that Needs to Be Protected

It is important to know which types of data need to be protected. Title 45 CFR Part 46 of the law states that all personally identifiable information must be protected. There are exceptions for some employment and educational records, but anything pertaining to the patient’s medical records must be protected.

You need to make sure that an independent investigator would be unable to recover this information. It is a good idea to encrypt any information relevant to the patient, because some courts may interpret Title 45 CFR Part 46 slightly differently.

What Precautions Should You Take?

There are a number of data security requirements that you will need to meet. Here are some things that you should keep in mind:

  • You need to guard against any reasonably foreseeable event that could compromise data security. This includes protecting data from hackers and other external threats.
  • You need to make sure that all of your employees understand the laws and the penalties for breaching them.
  • You need to ensure that patient data covered under HIPAA is restricted to entities that have a right to access it.
  • You must encrypt all sensitive patient data and make sure that it can only be decrypted by personnel with the appropriate credentials.

The Health Insurance Portability and Accountability Act has changed the way that healthcare providers operate. You will need to make sure that you understand these policies and comply with them carefully.

Who is Responsible for Upholding HIPAA?

The Department of Health and Human Services recently clarified that all companies that access patient data must uphold HIPAA regulations. This means that healthcare contractors, data storage providers and any other third party that accesses patient data must help keep it protected.

Third-party organizations are legally liable for protecting patient data, but that doesn’t mean that their negligence absolves you of responsibility. All companies involved may be subject to fines of up to $1.5 million for each violation. You will need to be careful when choosing companies to work with.

Do your homework on any data protection or cloud computing company before using it to store patient information. You want to make sure that it has proven that it is capable of protecting patient information before you decide to work with it. You should also find out whether it understands HIPAA and has worked with other healthcare providers.

If you are storing data with a cloud hosting firm, then you will need to make sure that the data is located in the United States. You will have less control over data stored in another country, which could be considered a breach of HIPAA. Also, data sovereignty laws require all companies to store sensitive patient data on servers in the United States.

About the author: Kalen writes about developments in the technology industry. He is particularly passionate about writing about topics in cybersecurity and data protection.
