All Data Fast News is © Data Fast Solutions, unless where otherwise indicated • All Rights Reserved
Keep up to date with Data Fast Solutions for your business.
In a previous article, Small Healthcare Providers and HIPAA Compliance, it was noted that many small to mid-sized healthcare offices are less likely to appoint a HIPAA Privacy Officer and a HIPAA Security Officer. Part of the challenge is that privacy and security officers are hard to find across many sectors. The healthcare industry, requiring candidates with in-depth knowledge of HIPAA and HITECH, can make filling the position even more difficult. However, as HIPAA rules and technology continue to evolve, this is one area where adhering to the HIPAA mandate can keep smaller offices from experiencing a privacy breach.
Understanding the responsibilities of each officer can help smaller organizations find existing or new employees who may fit the requirements with little or no additional training.
According to the American Health Information Management Association (AHIMA), a privacy officer’s responsibilities include:
AHIMA describes the responsibility of a HIPAA Security Officer as one who:
It’s important to note that if one individual meets the requirements of both officers it is acceptable for one person to perform both roles. However, many smaller offices tend to appoint an existing office or billing manager to the privacy and security position. In doing that, one or more privacy and security duties may not be performed adequately. So, it is okay for some work to be delegated to others if the privacy and security officer makes sure that the work is carried out properly.
For assistance from an I. T. security standpoint, a HIPAA knowledgeable I.T. professional can help. Data Fast Solutions has been providing HIPAA I.T. services in the Dallas Fort Worth area for many years. If you have any questions about your information technology and HIPAA compliance, contact Data Fast Solutions today!
This article is ©2017 Data Fast Solutions • All Rights Reserved
Healthcare professionals are now well-versed in HIPAA policies and procedures and are well aware of the importance of HIPAA and the ramifications for non-compliance. However, some healthcare workers may not be as familiar with the HITECH Act. Per HHS.gov, “the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology.”
HITECH was put in place to meet certain goals of the existing regulatory aspects of HIPAA which included improving quality of care through reduced costs and efficiency. Patient personal health information (PHI) in electronic health records (EHI) is of utmost importance in meeting HIPAA guidelines. Having a good information technology company who is well trained and certified in HIPAA/HITECH analysis and assessment can save your health care organization valuable time and money.
A thorough HIPAA/HITECH analysis should include a review of your PHI/ePHI policies and procedures as well as an examination of your network layout and infrastructure. The analysis can identify whether encrypted or unencrypted PHI is being used in portable devices such as laptops, phones, or thumb drives to lessen the risk of cyber attacks. Other areas of the analysis should include a review of the way fax machines are used, if any, and their potential for leaving PHI vulnerable. Rather than using a fax machine, a knowledgeable I.T. company can give you more convenient, secure, modes of transmitting PHI to lessen your organization’s risk of exposing sensitive information. In addition, the use of email and possibility for breaches in unsecured webmail systems, such as those used outside the office to send and receive email from home, should be reviewed. And, finally, an analysis of an area that is surprisingly often overlooked is the way in which PHI is stored, purged or destroyed.
If breaches are found in an analysis, a HIPAA/HITECH assessment can determine the severity of the breach and an I.T. professional can take the steps necessary to secure your network as quickly as possible. As with the analysis, an assessment should be done by HIPAA/HITECH certified trained and knowledgeable I.T. expert to avoid costly mistakes.
In April, 2014, the FBI issued a warning to health care organizations that the highest volume of cyber threats are in the healthcare industry. “Data analysis revealed multiple devices (e.g., radiology imaging software, digital video systems, faxes, printers) and security application systems (e.g., Virtual Private Networks (VPN), firewalls, and routers) were compromised.” Which is why a HIPAA/HITECH analysis and assessment is vitally important.
Also, the FBI reports that according to a Ponemon Institute report dated March 2013, “63% of the health care organizations surveyed reported a data breach in the past two years with an average monetary loss of $2.4 million per data breach. The majority of each data breach resulted in the theft of information assets. Lastly, 45% reported that their organizations have not implemented security measures to protect patient information.”
Patient information can be much more sensitive than data in in other industries making it more appealing for cyber attacks. Yet, according to the FBI “the healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”
Treating information technology in your healthcare practice as importantly as you do your patients, by relying on HIPAA/HITECH trained and certified professionals, will ensure your organization is not part of the FBI statistics.
This article is ©2016 Data Fast Solutions • All Rights Reserved