If your practice handles protected health information (PHI) and you have decided to become HIPAA compliant, there are some steps you should take.
The truth is, HIPAA compliance is a strong framework for protecting the privacy and security of PHI. However, compliance is not that simple: there are precautions, rules and implementation details that you need to understand before you can claim it.
Speaking of rules, these are the four main ones that you need to be aware of:
- HIPAA Privacy Rule
- HIPAA Security Rule
- HIPAA Enforcement Rule
- HIPAA Breach Notification Rule
Each of these rules applies in specific situations. The Privacy Rule and the Security Rule are the ones that give you day-to-day action items (how PHI may be used and disclosed, and what safeguards must protect it). The Breach Notification Rule tells you whom to notify, and how quickly, when unsecured PHI is compromised, and the Enforcement Rule covers how complaints are investigated and how penalties are assessed.
The HIPAA Security Rule is made up of three kinds of safeguards: technical, physical and administrative. Each safeguard contains standards, and many standards come with implementation specifications that are marked either "required" or "addressable". Required specifications must be implemented. Addressable specifications must be implemented if doing so is reasonable and appropriate; if not, you must document why, and put an equivalent alternative measure in place where that is reasonable and appropriate. "Addressable" does not mean "optional".
When it comes to the technical safeguards, the standards are Access Control, Audit Controls, Integrity, Person or Entity Authentication and Transmission Security. In practice these mean: give each user a unique identity and only the PHI access their role needs, keep records of who accessed or changed PHI and when, make sure PHI cannot be altered or destroyed without detection, verify that a person or system is who they claim to be, and protect PHI in transit over networks (for example with encryption).
The physical safeguards, on the other hand, are a set of rules that focus on your physical access to PHI. There are Facility Access Controls, Workstation Use, Workstation Security and Device and Media Controls. When broken down, these standards give you a list of things that you need to implement, from controls to policies.
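As an added illustration of what the Access Control, Audit Controls and Integrity standards look like in code, here is a small Python example. It is not code from this page or from HENO's product; the role-to-permission map, the key and the patient identifiers are all made-up assumptions for the demonstration. Every PHI access attempt, allowed or denied, is written to an audit log whose entries are chained with an HMAC, so that editing or deleting a past entry is detectable.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field

# Hypothetical role-to-permission map (assumption for illustration only).
# Access Control: each role gets only the actions its job needs.
ROLE_PERMISSIONS = {
    "physician": {"read_chart", "write_chart"},
    "billing": {"read_billing"},
    "front_desk": {"read_demographics"},
}

GENESIS_MAC = "0" * 64  # chain anchor for the first audit entry


class AccessDenied(PermissionError):
    """Raised when a user's role does not permit the requested PHI action."""


@dataclass
class AuditLog:
    """Audit Controls + Integrity: each entry carries an HMAC over its
    contents and the previous entry's HMAC, forming a tamper-evident chain."""
    key: bytes                     # HMAC key; in production keep it outside the app's reach
    entries: list = field(default_factory=list)
    _prev_mac: str = GENESIS_MAC

    def record(self, user, action, patient_id, allowed, ts=None):
        entry = {
            "ts": ts if ts is not None else time.time(),
            "user": user,
            "action": action,
            "patient_id": patient_id,
            "allowed": allowed,
            "prev": self._prev_mac,
        }
        payload = json.dumps(entry, sort_keys=True).encode()
        entry["mac"] = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        self.entries.append(entry)
        self._prev_mac = entry["mac"]
        return entry

    def verify(self):
        """Return (True, count) if the chain is intact, else (False, index)
        of the first entry that fails (modified, reordered or deleted)."""
        prev = GENESIS_MAC
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "mac"}
            if body["prev"] != prev:
                return (False, i)
            expected = hmac.new(
                self.key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256
            ).hexdigest()
            if not hmac.compare_digest(expected, e["mac"]):
                return (False, i)
            prev = e["mac"]
        return (True, len(self.entries))


def access_phi(log, user, role, action, patient_id, ts=None):
    """Check the role's permission, log the attempt either way, then act."""
    allowed = action in ROLE_PERMISSIONS.get(role, set())
    log.record(user, action, patient_id, allowed, ts)
    if not allowed:
        raise AccessDenied(f"{user} ({role}) may not {action} on patient {patient_id}")
    return f"{action}:{patient_id}"


def run_demo():
    """Constructed scenario: one allowed read, one denied read, then tampering."""
    log = AuditLog(key=b"demo-key-not-for-production")
    access_phi(log, "dr_smith", "physician", "read_chart", "P001", ts=1.0)
    try:
        access_phi(log, "clerk", "front_desk", "read_chart", "P001", ts=2.0)
    except AccessDenied:
        pass
    intact = log.verify()
    log.entries[1]["user"] = "someone_else"   # simulate an attacker rewriting history
    tampered = log.verify()
    return intact, tampered


if __name__ == "__main__":
    print(run_demo())
```

The denied attempt is logged as well as the allowed one: a log that only records successes tells you nothing about who was probing for PHI they should not see. The HMAC chain means a tampered or deleted entry shows up on the next verification, which is the kind of evidence an investigator under the Enforcement Rule will ask for.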
When it comes to the HIPAA Privacy Rule, it centers on how PHI may be used and disclosed: which uses and disclosures are permitted or required, which are impermissible, the "minimum necessary" standard, and the rights patients have over their own records (such as access and amendment). Notification after a breach belongs to the separate Breach Notification Rule. Ideally, you should put safeguards in place to protect health information, reasonably limit its use and sharing, and have the necessary agreements (such as business associate agreements) and procedures in place.
The best way to digest all of the rules and specifications is to visit this page and work through the details. If your EMR is not fully HIPAA compliant, take caution. HENO takes HIPAA very seriously and is fully compliant in every aspect.