
What Does Your IT Team Need to Know About HIPAA Compliance?

November 30, 2015

(Part 4 in our series on IT Compliance Concerns.)

In Part 3 of our series, we discussed how the HIPAA Act was created in an effort to make it easier for people to keep health insurance, maintain the confidentiality and security of their healthcare information, and control healthcare administrative costs. In this post, we will focus on some of the concerns faced by your IT team with regard to HIPAA compliance.

What are some of the Information Technology concerns for HIPAA compliance?
The main issue faced by IT with regard to HIPAA is keeping Protected Health Information (PHI) secure. The HIPAA Security Rule covers what is expected of companies with regard to maintaining the security of PHI in electronic form, but does not state the way that entities must go about providing this protection. Instead, it states the factors that should be considered for security measures. These factors include an entity’s size and capabilities, its information technology infrastructure, costs of security measures, and the chance and magnitude of anticipated risks to the security of PHI.

The Security Rule does specifically require that security measures include: measures to maintain the confidentiality, integrity, and availability of all electronic PHI an entity creates, handles, or transmits; measures to identify and protect against threats to the security or integrity of PHI that can be reasonably anticipated; measures to protect against uses or disclosures of electronic PHI that are prohibited by HIPAA; and efforts to ensure that employees comply with HIPAA requirements.

Some of the areas affected by these security needs include:
●    Data encryption.
●    Email encryption.
●    Multi-factor authentication (a system of security that requires multiple methods of authentication from different categories of credentials in order to identify a user for login purposes or for other transactions).
●    Compliance training.
●    Social engineering awareness. (You can read about social engineering in our blog post, “Technology Alone Is Not Enough for Security”.)

Another point to consider is that any company that allows the use of mobile devices for business (particularly hospices, which do much of their work in patients’ homes) will need to be aware of and have solutions for mobile devices’ known security issues. As an example, consider the $50,000 penalty paid by the non-profit Hospice of North Idaho. In this case, an unencrypted company laptop, which contained electronic PHI for 441 patients, was stolen. The investigation found that the company had not conducted an adequate risk analysis.

Additional Concerns for HIPAA Regulations for the Use of PHI
Additionally under HIPAA, certain uses of PHI may be curtailed or prohibited. For instance, HIPAA prohibits the use or disclosure of PHI for marketing to individuals without obtaining an authorization, with only some exceptions. HIPAA also prohibits the receipt of direct or indirect remuneration in exchange for PHI. It also has rules for when PHI can and cannot be used for further research.

Coming soon: Part 5 in our series on IT Compliance Concerns, “Your Company and PCI DSS Compliance.”

Additional HIPAA resources:
●    National Hospice and Palliative Care Organization’s Compliance Tip Sheet.

Other posts in this series:
●    Part 1: Making Sure Your Business is SOX Compliant
●    Part 2: SOX Compliance and Your IT Team
●    Part 3: Making Sure Your Business is HIPAA Compliant
