Is Your Software HIPAA Compliant?

September 13, 2017

Managing HIPAA compliance is one of those things that all healthcare professionals dread but would likely much rather deal with than the alternative of a violation or a breach of PHI. But one aspect of managing HIPAA compliance that can be confusing is choosing compliant software.

Whether it’s your practice management, revenue cycle or telehealth software, maintaining compliance standards should always be the foundation of how any healthcare practice chooses its software. Most importantly, understand that there is no such thing as a HIPAA compliant program. There is no official certification for a program to become HIPAA certified – many vendors advertise their programs this way, but it is up to the practice’s due diligence to verify that its software follows the proper guidelines.

Within the HIPAA Security Rule requirements there are specific software rules for administrative safeguards, physical safeguards, and access control – these provisions must be met in order for a particular system to be recognized as HIPAA compliant. Here are a few examples…

ADMINISTRATIVE SAFEGUARDS

The Security Rule defines administrative safeguards as, “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
These areas include:
Access Authorization
Password Management
Disaster Recovery Plan
Data Backup Plan

PHYSICAL SAFEGUARDS

The Security Rule defines physical safeguards as “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.”
These areas include:
On-Site Security Plan & Data Backup and Storage

TECHNICAL SAFEGUARDS

The Security Rule defines technical safeguards in section 164.304 as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”
These areas include:
Encryption / Decryption
Unique user identification
Automatic Log off

Administrative safeguards focus on the policies and procedures governing software use, physical safeguards concentrate on the physical storage of data, and technical safeguards such as access control address the protection of the data itself.

For more information on HIPAA compliance and HIPAA security standards, please visit https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html