Ours is an age of digital health records and specialized, collaborative health care and administration. To deliver the best care efficiently and economically, multiple parties, both within and outside a healthcare organization, need access to patients’ electronic protected health information (ePHI). But that imposes a complex set of requirements on your IT systems. The main physical and technical safeguards are:

Physical safeguards – All covered entities must have policies governing the use of and access to workstations and electronic media. This includes transferring, removing, disposing of and re-using electronic media and electronic protected health information (ePHI).

Technical safeguards – Access control includes using unique user IDs, emergency access procedures, automatic logoff and encryption/decryption.

Audit reports, or tracking logs – Must be used to keep records of activity on hardware and software in order to pinpoint the source or cause of any security violations.

Technical policies – IT disaster recovery, offsite backup and business continuity ensure that any electronic media errors or failures can be dealt with quickly and ePHI can be recovered.

Network, or transmission, security – Security procedures and programs that cover all methods of transmitting data – email, Internet, or even over a private network, such as a private cloud.

Healthcare organizations that are “Covered Entities” under HIPAA are expected to secure electronic protected health information sent by email using reasonable and appropriate encryption technology. In the event that ePHI is lost or stolen, most regulations exempt encrypted data from fines and from consumer and agency notification. Unencrypted data, however, is not exempted.

Capital Business Systems has the Managed Network Services to help you comply and get secure, compliant email easily and quickly.

Download our white paper “HIPAA and Cloud IT” now to learn more.