HIPAA implementation rests on assumptions about the threat model for PHI disclosure. The procedure involves preventive as well as retroactive measures and covers process, technology, and personnel aspects.
The aim of the HIPAA implementation procedure is guided by the threat model, which involves assumptions about:
- Nature of the threat: an accidental disclosure by an insider, or access for profit
- Source of the threat: an outsider or an insider
- Likely means of the threat: break-in, trespassing, computer hack, or virus
- Specific type of record at risk, viz. patient identification, financial, or medical
- Scale: the number of patients whose data is threatened
A HIPAA procedure has to encompass an explicitly stated policy, educational materials and events, transparent reinforcement methods, a timetable for examining HIPAA compliance, and methods for ongoing transparency about it. A documented policy usually comprises a statement of the minimum-privilege record access needed to finish the work, an explanation of PHI, and event assessment and reporting processes. Educational materials could comprise case studies, control questions, and a timetable of review meetings for staff.
Technical Essentials for HIPAA Compliance
The technical essentials of HIPAA compliance range from logical data to the network:
- To ensure physical data center safety, the manager must
  - Ensure the data center is under lock and key
  - Maintain an access list
  - Monitor activities inside and outside the building with closed-circuit TV cameras
  - Protect backup data
  - Protect the data center with onsite security
  - Test the recovery process
- To safeguard the network, the data center should add facilities for
  - Network access monitoring and report auditing
  - Secure networking, which only includes firewall protection and encrypted data transfer
- To ensure data security, the manager should have
  - Role-based access control
  - Individual authentication
  - Audit trails
  - Data discipline
HIPAA compliance needs specialized practice management attention. A practice with a number of diverse systems for billing, scheduling, and electronic medical records needs more than one HIPAA management effort. An integrated system makes the process of HIPAA implementation much simpler. Choosing a good HIPAA-compliant ASP or SaaS provider as an outsourcing partner can eliminate HIPAA management expenses.