What You May Not Know (But Should) About HIPAA Compliance


If your company works with sensitive personal health information, you know how important it is to keep this information from being accessed or seen by anyone who isn’t authorized to view it. Those unauthorized people can be inside your office as well as outside your company, such as attackers who breach your computer security protocols.

HIPAA, the Health Information Portability and Accountability Act, which was enacted in 1996, requires all companies that deal with sensitive health care information, not just health care providers, to put in place the necessary security systems to keep that information from being seen by or disclosed to unauthorized persons. However, being HIPAA compliant isn’t just about putting up a firewall and having your systems password protected.

5 Things to Know About HIPAA Compliance
  1. There are several ways to be HIPAA compliant. HIPAA requires that you use best industry practices to ensure the safety and confidentiality of the information you work with. These practices depend on the technology you use, your physical set-up and whether you use cloud services. These practices will also evolve as technology changes. Being compliant today doesn’t necessarily mean that you’ll be compliant tomorrow.
  2. HIPAA requires that you report any violations. The HIPAA requirements state that you must report any violations by your company or by any service provider you work with to the Department of Health and Human Services, or face fines yourself.
  3. Training is an important part of HIPAA. It’s not enough just to put the necessary security procedures in place. All personnel and new hires need to be trained in their use and their importance.
  4. Disposal is key. Another part of being HIPAA compliant that many businesses don’t think about is what to do with the information stored on computers, flash drives and other electronic equipment when that equipment is replaced. You need to have a procedure in place to wipe the memories of your old electronics.
  5. You need to have a disaster plan. While keeping your employees safe during a natural disaster is key, you also need to consider how to protect your information. In the event of an earthquake, fire or tornado, you might not have very much time to lock down your systems. You need a quick, well-practiced routine to put into place in the event of an emergency.

Keeping your company HIPAA compliant is an ongoing process, and there’s no one procedure that’s right for every company that deals with sensitive health care information. Make sure that your company stays ahead of new technology and new requirements by enlisting the aid of a compliance partner, like Edge Hosting. We help keep your clients’ personal information private in the cloud and beyond.