The 3 Big Safeguards Put in Place by HIPAA Training
By now, you have probably heard of the Health Insurance Portability and Accountability Act, more…
By now, you have probably heard of the Health Insurance Portability and Accountability Act, more commonly known at HIPAA. Enacted in 1996, most of HIPAA’s regulations regarding security of personal health information (PHI) went into affect by 2003 and some later regulations going into affect in 2005. Even thought the term is fairly well known among the common population, many people still do not know exactly what HIPAA put into place regarding the security of PHI.
HIPAA is a large bill encompassing a wide variety of issues regarding health insurance coverage and privacy and security of health information. In regards to PHI security in specific, HIPAA has three major security safeguards that went into affect with The Final Rule on Security Standards in 2005. The security rule deals with the security of electronic health records specifically. Those three categories of security safeguards are administrative safeguards, physical safeguards, and technical safeguards.
Administrative Safeguards
Administrative safeguards address the entities who handle all electronic medical records including healthcare providers, health insurance, and others. They help to outline specifically what policies the entities need to have in place and how their administrative offices should address electronic health records. Some examples include:
• All entities much adopt a written privacy policy
• All entities much appoint a privacy officer responsible for writing all privacy policies and keeping in compliance
• Entities must implement an ongoing employee HIPAA training in Weight Loss Friendly Foods regards to electronic medical records and personal health information
• If any work is outsourced by covered entities, the outsourcer must undergo all HIPAA training that full time employees enroll in
Physical Safeguards
Physical safeguards require all entities to have certain physical safeguards to the access of electronic health records ensuring only qualified, clearance personal are allowed access to electronic health records. Some examples include:
• Access to computers and other equipment that houses electronic medical records must be monitored and controlled
• Only authorized individuals should be allowed access to equipment housing electronic medical records or personal health information
• All entities are required to have controls in place including security plans, maintenance records and sign-in logs
• Any contractors or agents must be trained in the same security policies as full time employees
Technical Safeguards
The technical safeguards deal with the computers and technology involved with electronic medical records. Some examples include:
• Any information that is transmitted over open networks is required to be encrypted
• All covered entities must make documentation of their HIPAA practices readily available to the government
• Information systems that contain electronic health records and personal Creating Healthy Eating Habits health information must be closed networks and resistant against intrusion
• Each entity is responsible for ensuring no personal health information has been altered without permission or deleted
This list is just a preview of the overall security safeguards required by HIPAA. The extensive act covers all aspects of security to help ensure personal information and electronic health records remain safe and private. If you are a citizen it is important to understand HIPAA and know your privacy and security rights. If you are a healthcare provider or other HIPAA covered entity, it is crucial to understand all the steps you need to take to stay in compliance.