Does your organization provide healthcare services or health plans? Is your organization involved in reviewing or processing medical claims? Do you provide services that involve the access, use, or disclosure of protected health information (PHI)? If you answered yes to any of these questions, then your organization may be subject to the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA is a regularly updated federal law that protects PHI from unauthorized disclosure while still allowing PHI to be shared for the efficient delivery of healthcare services. To that end, the HIPAA Security Rule was enacted in April 2005. The Security Rule aims to protect electronic PHI (ePHI) by requiring covered entities and their business associates to implement three types of safeguards: administrative, physical, and technical.
To fulfill this requirement, use this handy checklist as a guide.
Administrative safeguards
Your company must have a Security Officer and a Privacy Officer who will implement policies and procedures that secure ePHI. These officers have the following responsibilities:
Physical safeguards
These safeguards pertain to restricting physical access to ePHI storage devices, be they on site, in a remote data center, in a cloud provider's facility, or wherever else they may be located. The safeguard must also secure workstations and mobile devices from unauthorized access. In practical terms, this means having the following measures in place:
Technical safeguards
Under HIPAA, you must leverage the following IT solutions and measures to protect ePHI:
Getting overwhelmed by all the security requirements? Don’t worry, Safebit is here to help. With us at your side, you can rest easy knowing that your tech is fully compliant with HIPAA. Get in touch with our IT experts today.