As a HIPAA expert, there is no other way to put it: HIPAA is a complex and oftentimes frustrating topic. I like to think of HIPAA as a mountain that physicians, nurses, practice administrators, and other members of the medical community need to conquer. The only way to do this successfully is to become a HIPAA Hiker!
Here are the 6 essential tools that every HIPAA Hiker should know:
- Know the mountain you are hiking: What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act. It’s a large piece of legislation that covers everything from patients’ rights and access to health care, to the standard code sets for how providers and insurance companies communicate health care transactions, to how providers and their business associates must protect the privacy and security of patient information. HIPAA is important because it gives the healthcare community guidance on how to ensure a patient’s private information is protected, and it outlines how this protected information must be stored, received, maintained, and transmitted electronically by providers or their business associates.
- Shortcuts on the trail: Is there a way to make Title II of HIPAA easier? There is no good answer to this and truthfully, I don’t think there is a way to make it easier. The key here is simple: take the time to understand HIPAA and how to best implement it.
- Getting into shape for the hike: HIPAA staff training. Training is very important. In fact, HIPAA requires everyone in your organization who comes into contact with protected health information to be trained. During your training, you want to give your employees an understanding of HIPAA and the safeguards required to be compliant, and cover the policies and procedures you expect employees to follow in order to meet those safeguards. I recommend you also document any training you provide to your employees.
- Wear sunscreen and sunglasses when hiking: Why medical practices need to protect their hardware and software. In many cases, protected health information is stored on hardware such as servers, desktops, and even mobile devices. It’s important to treat this hardware like a backpack that contains your valuables. Would you leave your backpack unattended or open? Hopefully not. Similarly, the software and data on these devices need to be protected with whole-disk encryption, anti-virus, anti-malware, and possibly more. These types of programs help protect your private information from intruders.
- Bring a compass: Resources to stay up to date on HIPAA changes. HIPAA is always changing. It was enacted in 1996, and since then the Security Rule and the Privacy Rule have been updated. Recently, the Omnibus Final Rule was issued, and it directly impacts HIPAA, including how practices need to implement and change their own policies and procedures. So it’s always a good idea to stay updated. Some good resources are blogs, social networking groups, and various websites. I would recommend the Office for Civil Rights: if you subscribe, you get updates on regulation changes. A pretty interesting group on LinkedIn called “The HIPAA Survival Group” is another option.
- Stay hydrated: Final suggestions as a HIPAA Hiker. Do not forget to conduct a security audit. Always make sure the measures you have in place are meeting HIPAA requirements, including your software and hardware requirements. If there is any question about whether or not you are in compliance, consult an expert.