hipaa | TechSolutions, Inc.

4 Important factors about HIPAA and your IT
https://www.techsolutionsinc.com/blog/4-important-factors-about-hipaa-and-your-it/
Thu, 09 Sep 2021 00:00:11 +0000

The post 4 Important factors about HIPAA and your IT appeared first on TechSolutions, Inc..


Medical records are private and their exposure could lead to negative consequences such as social stigma and job discrimination. The Health Insurance Portability and Accountability Act (HIPAA) protects these data and grants patients the right to view their own health information so that they can enjoy more control over their care. Healthcare practices must therefore make sure that they have all their bases covered when it comes to HIPAA compliance. Below are four of the most important factors to consider.

1. Whether it be on-premises, on the cloud, or both, data storage must be HIPAA-compliant

Electronic protected health information (ePHI) and any sensitive documents like billing records, appointment information, and test results must be stored in HIPAA-compliant devices and servers. More specifically, your devices and services should have multiple layers of security, including endpoint protection software, encryption systems, and strict access controls.

Healthcare providers tend to prefer building their own data centers since they won’t require internet connectivity to access on-premises data storage. However, storage space may be limited, so the cloud is viable, especially for less sensitive ePHI. When choosing cloud-based storage for your EHRs, make sure that you and your service provider meet HIPAA requirements.

2. Data must be secured while providing telehealth and mHealth services

If your practice has invested in or is thinking about investing in telehealth or mobile health (mHealth), then you need to make sure that the tech you utilize is HIPAA-compliant. While most telehealth technologies are HIPAA-approved, one or two additional measures may be required for complete compliance. For example, you may need to utilize encryption in transit to prevent man-in-the-middle attacks during virtual consultations. An IT specialist should have no problem making sure your telehealth solution is up to code.

On the other hand, mHealth may be a little more problematic, as it is a new and constantly changing field. Your best bet is to consult with an expert to make sure that you’re following all the necessary regulations when providing mHealth services.

3. Healthcare business associates must also be HIPAA-compliant

Conforming to HIPAA regulations is not just limited to medical practices, healthcare clearinghouses, and health plan organizations. Any business that has access, electronic or otherwise, to PHI is also required by law to be HIPAA-compliant. This includes any accounting or law firms you work with that may already be accessing your files electronically to carry out work.

To avoid any potential trouble for your practice or its partners, it is best to ask them if they are HIPAA-compliant before partnering with them. If they aren’t, do not grant them data access privileges.

4. Your protected health information (PHI) notice must be available online

If your practice has a website, HIPAA rules dictate that your website must contain a copy of your updated PHI notice for patients to access. This notice informs patients of their rights with regard to their health information. If this information is not currently posted on your website, rectify this as soon as possible to avoid any problems.

Still not sure if you’re 100% HIPAA-compliant? Our team of experts can run the necessary risk analysis and identify areas of your technology that may not be in line with current regulations. Just give us a call today.

Published with permission from TechAdvisory.org. Source.

NFL team fumbles their Electronic Medical Records
https://www.techsolutionsinc.com/blog/nfl-team-fumbles-their-electronic-medical-records/
Thu, 16 Jun 2016 00:00:54 +0000

The post NFL team fumbles their Electronic Medical Records appeared first on TechSolutions, Inc..


ESPN recently reported that a laptop containing the medical records of thousands of NFL players was stolen from the car of a Washington Redskins’ trainer. And while the team released a statement saying no health information protected under HIPAA guidelines was at risk, the incident shows that EMRs are vulnerable no matter the size of your company. That’s why you need to have all medical records completely protected no matter where they are being stored.

And while the Redskins’ situation was bad, an NFL spokesperson did state that the NFL EMR system was not compromised and the league believes the thief was unable to gain access to the intercepted computer or its files. However, this does not mean the situation is resolved and the team is now in the process of informing every person who could be affected.

Not only is this embarrassing but the Redskins could also be vulnerable to civil lawsuits from players affected even if no HIPAA protected information was accessed. If this sensitive data had been breached the team would have faced a significant fine from the federal government in addition to these lawsuits.

According to Bloomberg Business News, a Massachusetts hospital was required to pay the federal government $850,000 for HIPAA violations last year after a laptop containing private health information was stolen. This event triggered a system-wide analysis which revealed several other areas of non-compliance. Not only was the hospital required to pay the fine, but it also had to invest heavily to upgrade its technology systems.

These two stories can serve as a valuable learning tool for any organization that stores documents or files that are regulated under HIPAA guidelines. For starters, it is important to understand that while email threats like phishing are very real and dangerous, the easiest way for a person to gain access to medical records is to simply take the device they are physically stored on.

That is why it is absolutely vital to have any device, be it a smartphone, a computer or tablet, password protected and encrypted should it store or transmit medical information of any sort. This, however, is simply the bare minimum and you might want to consider additional security measures such as two-factor authentication to add an extra level of protection to your devices.

Another thing to consider is storing your EMR using the cloud. When files are stored on the cloud, it means you have complete control over who is able to access these documents and where they can be accessed from. In the case of a missing laptop, once it has been reported as lost, you can immediately block it from retrieving any files and perform a remote wipe which will erase anything currently stored on it.

It is important to remember that every device, even at companies that use the cloud for document access and storage, still needs to have strong passwords and encryption in place. Also, it should be noted that transferring HIPAA-protected data to the cloud is a process that must be handled with care. There are several things which must be addressed to ensure your data is protected in line with all government regulations. Bringing in a cloud service provider who specializes in HIPAA storage can make this process a smooth one for you, your staff, and your patients.

Need help protecting your EMR? Interested in learning more about utilizing the cloud to store your documents? Contact us today. We’re experts in HIPAA-related matters and will guarantee your information remains safe and compliant.

Published with permission from TechAdvisory.org. Source.

4 facts about HIPAA and your IT
https://www.techsolutionsinc.com/blog/4-facts-about-hipaa-and-your-it/
Sat, 28 Nov 2015 02:00:46 +0000

The post 4 facts about HIPAA and your IT appeared first on TechSolutions, Inc..


While HIPAA’s implementation in relation to technology has been problematic to say the least, things have become much clearer over the course of the past year. However, there are still a few areas in which your office might not be compliant. This isn’t necessarily through negligence on your part, but rather simply a lack of understanding as to the requirements. We look at four facts your practice should know about HIPAA and your IT.

If you’re still confused about which parts of your IT are HIPAA-compliant and which parts need to be addressed, don’t panic. You’re not the only practice still struggling to figure out just what exactly is and isn’t compliant. Here are four important things you should know about the technology your office uses and its relationship with HIPAA.

Telehealth and mHealth are not always compliant

If your practice has invested or is thinking about investing in telehealth or mHealth, you need to make sure it is HIPAA-compliant. While most telehealth technology is HIPAA-approved, you might be required to enact one or two measures to make it compliant. An IT specialist should have no problem making sure your telehealth is up to code.

On the other hand, mHealth might be a little more problematic. While a lot of hardware and apps, including Fitbit and the Apple Watch, are HIPAA-compliant, it is a field that is still very new and constantly changing. Your best bet is to consult regularly with an expert to make sure your mHealth is following all the necessary regulations.

All info, not just EHRs, needs to be HIPAA-compliant

If your office has individually identifiable ePHI data sets on-site, including information like billing records, appointment information and test results, they must be kept on HIPAA-compliant devices and servers. A lot of medical practices that use cloud-based storage for their EHRs overlook this fact. While it’s good to have your EHRs ready to go on the cloud, make sure the rest of your ePHI data is protected as well. If it isn’t, you could be facing a fine.

Your protected health information notice must be available online

If your practice has a website, HIPAA’s rules dictate that it must contain a copy of your updated protected health information notice for patients to access. If you have a website and this information is not currently posted, you might consider getting this done in the near future in order to avoid any problems.

Healthcare business associates must also be HIPAA-compliant

It is not just medical practices, healthcare clearinghouses, and health plan organizations that are required to be HIPAA-compliant. Any other business that has access, electronic or otherwise, to protected health information is also required by law to be HIPAA-compliant. This includes any accounting or law firms you work with that may already be accessing your files electronically to carry out work. In order to avoid any potential trouble for your practice or its partners, it is best to ask them if they are HIPAA-compliant. If they aren’t, cease all access to files, and make sure they take action to correct this issue immediately.

Still not sure if you’re 100% HIPAA-compliant? Our team of experts can run the necessary risk analysis, and assist in correcting any areas of your technology that may not be in line with current regulations.

Published with permission from TechAdvisory.org. Source.
