HIPPA A Few Need To Knows

HIPPA, which stands for, Health Insurance Portability and Accountability Act was put in to place in 1996 and was originated then to increase the portability of health insurance. Today, we live in a much different world and these guidelines and regulations have morphed the purpose to reduce fraud and simplify administration. Not only do health care professionals and their entities have to comply with these regulations but, business associates of health care professions must also be compliant. The penalties for these individuals are not just a slap on the wrist in fact, it can be up to $50,000/per regulation and up to $1.5million per year. So as you can see, the regulations should not be taken lightly.

When talking with clients, many questions regarding ePHI (Electronic Personal Health Information) arise. Below we discuss a few major questions and misconceptions and what we at Pendello specifically do to stay trained and keep you educated on compliance from a technology perspective.

One of the top questions we receive when dealing with HIPPA and ePHI is whether or not a workgroup network is sufficient or if a domain network is truly necessary?

The short answer is yes; a domain network is necessary. The reason behind this is, HIPAA regulations require all compliant entities to have an Individual User Identification standard, audit logs and information system activity reviews which all require the use of domain networks.

Another common question, as many of us are so mobile in our professions, is what to do with a laptop or electronic device which contains ePHI in the situation that it gets lost or stolen?

The important information here is, as long as the device is properly encrypted, then nothing is required. There is no need to report this missing device if it is properly encrypted thus showing an even greater importance for staying compliant.

The HIPPA guidelines and regulations are ever changing to encompass the changing healthcare industries’ and safety and security situations. So how does Pendello Solutions make sure we are up-to-date to continually educate our clients on changing regulations from a technology perspective?

We are constantly educating our team about HIPAA and making sure all Pendello employees are up-to-date on the most recent rules and regulation changes. So not only can we help our clients stay educated but are also fluent on the proper ways to access or handle PHI. To maintain a consistent method of accessing and handling this data, we have an implemented written policy to help our company stay compliant and regularly run up-to-date risk analyses.

If you have any questions about making sure your company is compliant or if this verbiage seems to be written in another language, give the Pendello Soluitonsbusiness technology associates a call today! Their expertise on how to become HIPAA compliant or how to securely maintain compliancy will keep your business running safely and securely!