In today’s busy, high-tech world, most people conduct much of their personal business online, including accessing private information such as their health records. Healthcare providers have little choice but to grant online access to this private health information or risk losing their customers.
HIPAA, the Health Insurance Portability and Accountability Act, requires healthcare providers to employ stringent measures so that patients can be assured their personal health records are protected from unauthorized access over the internet.
HIPAA when enacted required health-providing entities to assure the confidentiality of patient information in the following ways:
- Responsibility for security was to be assigned to a person or organization.
- Assessment of risks to find out any security or privacy threats to medical information.
- Establishment of a program to address physical, personnel and technical security controls.
- Certification of effectiveness of the employed security controls.
- Creation of procedures, guidelines and policies for the use of computing devices, and ensuring that suitable mechanisms exist to allow or deny access to an individual’s records.
- Implementation of access controls, including user-based access, role-based access, context-based access, encryption, auditing mechanisms, authentication of data and authentication of entities.
Security is the key
HIPAA provides for both civil and criminal action against violations and violators, so data access and security are a top priority for a healthcare firm. To assure HIPAA compliance, the security features that should be in place for online records are:
- Secure web server – The server should be running Secure Sockets Layer (SSL). This is the bare minimum required.
- Encrypted database – All data has to be encrypted. Modern encryption software is available that encrypts all data sent between two computers or any devices on the internet.
- Session timeout – This assures that private data is not left unattended on screen and is viewed only by authorized personnel.
- Server monitoring – The web server must be monitored to detect break-in and hacking attempts.
- Secure access control – Beyond a user ID and password, strong passwords and smart cards should be used for additional security.
- Regular security audits – All security precautions need to be checked for their state of readiness and proper working. Regular audits should be carried out for this purpose.
- Personnel – Qualified personnel familiar with HIPAA requirements should be employed for system maintenance.
