• (888) 849-6818
  • 9 AM to 5 PM Eastern Monday - Friday
  • Global Data Systems Inc. 33 Riverside Drive Pembroke, MA 02359

If you want your business to work with the healthcare industry, you must be informed about HIPAA and its implications for your IT infrastructure. HIPAA is the Health Insurance Portability and Accountability Act. While the goal of HIPAA was to regulate workers’ access to health insurance, it also massively overhauled privacy regulations for electronic medical records.


The penalties for violating HIPAA are severe. Following new legislation in 2009, both business owners and individual employees can suffer up to $1.5 million in annual fines and 10 years of federal imprisonment. But, despite these concerns, small and medium businesses can follow a number of best practices to make working with the healthcare industry a reality.

How HIPAA Affects Business IT

While HIPAA’s main purpose was to regulate health insurance, it also introduced stringent regulations for handling Protected Health Information (PHI), which is medical information in any format that can be used to identify an individual. The Department of Health and Human Services (HHS) has issued a list of 18 HIPAA Identifiers (PDF); the presence of any of them marks information as PHI.

Some of these identifiers are common sense, such as names, “geographic subdivisions smaller than a state,” and phone numbers. But PHI also contains vaguely stated identifiers, including “account numbers” and “certificate/license numbers.” These broad terms mean a whole range of businesses must be prepared to meet HIPAA regulations, which requires properly secured IT infrastructure as well as comprehensive training and policies.

Practical Advice for HIPAA Compliance

Proper training is the foundation of your business’s HIPAA compliance. Our advice is to keep it simple. Most employees don’t need to know how to resolve complex compliance matters; instead, your training simply needs to prepare them to identify and report potential violations according to your policies.

Proper compliance policies depend somewhat on the nature of your business, but here are some best practices every business working with PHI should follow.

  • Have a Compliance Officer: Create a dedicated HIPAA Compliance Officer role in your business who is responsible for resolving matters your other staff are trained to escalate.
  • De-identify by default: De-identification is the process of removing the 18 PHI identifiers from electronic files. When in doubt, remove identifiers, or don’t store the data to begin with.
  • Otherwise, encrypt: Encryption is a complicated topic. HHS has set several standards, so it’s best to work with an IT professional to ensure encryption is correctly implemented. The important thing for business owners to know is that PHI needs to be encrypted both “at rest” on your IT infrastructure and “in motion” when moving across your network and the Internet.
  • Perform IT Audits: This is best practice for a variety of business security reasons, but if you’re working with PHI, it’s doubly important to regularly audit your IT storage and network security.
  • Manage Mobile Devices: Most smartphones and tablets “sync” your data, which means they keep a copy of your files and email right on the device. Make sure you have a business policy to regulate what PHI data, if any, can be accessed by mobile devices.
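As an added illustration of the “de-identify by default” practice above (example code written for this page, not from Global Data Systems or HHS), the following script drops the identifier categories the article names from a record before it is stored and then checks whether anything identifier-shaped survived in free text. The field names, regular-expression formats and the sample record are all assumptions constructed for the example; the real HHS list of 18 identifiers is longer than the categories covered here.

```python
# Added example (not from the original article): a minimal de-identification
# pass that strips the identifier categories the article names from a record
# before it is stored, plus a check that reports any that survived.
import re

# Field names treated as direct identifiers. Only categories named in the
# article are listed here; the full HHS list of 18 identifiers is longer.
IDENTIFIER_FIELDS = {
    "name",                    # names
    "street", "city", "zip",   # geographic subdivisions smaller than a state
    "phone",                   # phone numbers
    "account_number",          # account numbers
    "license_number",          # certificate/license numbers
}

# Assumed formats for identifiers that hide inside free-text fields (US-style
# phone numbers and ZIP codes). Free text is where PHI usually leaks after the
# obvious fields have been removed, so it gets scanned too.
FREE_TEXT_PATTERNS = {
    "phone": re.compile(r"\b\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b"),
    "zip": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
}


def deidentify(record: dict) -> dict:
    """Return a copy of `record` with identifier fields dropped and
    identifier-shaped substrings in the remaining string values redacted."""
    cleaned = {}
    for key, value in record.items():
        if key in IDENTIFIER_FIELDS:
            continue  # drop the field entirely ("when in doubt, remove")
        if isinstance(value, str):
            for label, pattern in FREE_TEXT_PATTERNS.items():
                value = pattern.sub(f"[{label.upper()} REMOVED]", value)
        cleaned[key] = value
    return cleaned


def remaining_identifiers(record: dict) -> list:
    """List identifier fields still present, plus 'field:label' entries for
    identifier-shaped text still found in string values. An empty list means
    the record passed the check."""
    found = [key for key in record if key in IDENTIFIER_FIELDS]
    for key, value in record.items():
        if isinstance(value, str):
            for label, pattern in FREE_TEXT_PATTERNS.items():
                if pattern.search(value):
                    found.append(f"{key}:{label}")
    return found


# Constructed sample record with fictional values for the demonstration.
SAMPLE_RECORD = {
    "name": "Jane Example",
    "street": "1 Sample Street",
    "city": "Pembroke",
    "state": "MA",             # state-level geography is not an identifier
    "zip": "02359",
    "phone": "(555) 010-0199",
    "account_number": "ACCT-0001",
    "license_number": "LIC-9999",
    "diagnosis_code": "J06.9",
    "notes": "Patient asked to be called back at 555-010-0199 re: visit.",
}

if __name__ == "__main__":
    print("before:", remaining_identifiers(SAMPLE_RECORD))
    cleaned_record = deidentify(SAMPLE_RECORD)
    print("after:", cleaned_record)
    print("remaining:", remaining_identifiers(cleaned_record))
```

Run as a script, the “before” check lists every identifier field plus the phone number embedded in the notes; after `deidentify`, only the state, diagnosis code and redacted notes remain and the check returns an empty list. In practice the check belongs in the storage path (refuse to write a record that fails it) rather than in a one-off script.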

While some policies will vary by business, what shouldn’t vary is enforcement. Proper training should keep employees informed of the severity of HIPAA violations, but you need to ensure your business enforces them appropriately nonetheless.

The HHS offers a wealth of further information so your business can implement HIPAA compliance.

Get More Advice on Managing Your Business for HIPAA Compliance

Do you want further advice on keeping your business IT compliant with HIPAA? Our team has years of experience to offer you. Give Global Data Systems, Inc. in {city} a call at (888) 849-6818, or send an email to info@GDSConnect.com today.
