The 2 important parts of HIPAA that pertains to computer network security are:

1. Administrative Safeguards:

To attain HIPAA compliance the provider must recognize, protect and intimate any malevolent software program in the system. The compromised emails are carriers of worms, virus and Trojans, and there has to be a safeguard measure to stop the unwanted breach. For managing the computer systems network efficiently, it is important to keep a watch by installing specialized security measures as noted below:

Gateway and virus blocking mechanism should be in place.

The safeguard system should be able to carry out, deep packet penetration, inspect and provision for relevant web filtering mechanisms to the network. Signature systems that refresh at every half hour should be used as they are the premier defense shields against rapidly moving worms.

Security Measures

For a computer network to be HIPAA compliant, it is essential for the organization to draft a security system, which gives authority to the key people or software systems to access the confidential health information.

Appropriate encryption mechanisms should be in place to code the confidential health information when in transit to stop unauthorized access or intercept. The sending of information must be encrypted in a high security encryption and must be received by authorized users who must use the decryption code to decrypt the message.

Ultimately, it is necessary for all parties concerned in the healthcare system, like health service providers, insurance providers, transcription service providers, labs, internet service providers, hospitals and billing services to cement a relation of trust to ensure confidentiality of patient information shared between them. This can be achieved through a linkage of computers that stick to HIPAA rules and regulations to achieve a safe and protected transmission, of private health information on a public platform.

Related Hipaa Posts

• May 29, 2010 — HIPAA and the Internet: Intranet Collaboration Software requirements
• April 17, 2010 — Problems in HIPAA compliance
• June 1, 2010 — Reasons medical businesses should comply with HIPAA regulations
• May 25, 2010 — HIPAA Emails compliance – Safeguard your private information
• May 24, 2010 — Factors influencing HIPAA Compliance
• May 20, 2010 — HIPAA Implementation Procedure
• April 24, 2010 — What Are HIPAA Laws?
• April 24, 2010 — HIPAA: What is it?
• April 21, 2010 — Complete HIPAA Guide
• April 20, 2010 — Medical billing software and HIPAA

HIPAA also commonly known as The Health Insurance Portability and Accountability Act, requires employment of stringent measures by the health care providers, to assure the patient that his/her personal health records are protected from the unauthorized access over the internet.

HIPAA when enacted required health-providing entities to assure the confidentiality of patient information in the following ways:

• Responsibility for security was to be assigned to a person or organization.
• Assessment of risks to find out any security or privacy threats to medical information.
• Establishment of a program to address physical, personnel and technical security controls.

• Certification of effectiveness of the employed security controls.

• Creating procedures, guidelines and policies to use computing devices, and ensuring that the suitable mechanisms are there to allow or ban access to an individual’s status.

• Implementation of controls on access which include user-based access, encryption, role-based access, context-based access and auditing control mechanisms, authentication of data, and authentication of entity.

Security is the key

HIPAA provides for both civil and criminal action against the violations and violators, as data access and security is top priority for a healthcare firm. To assure HIPAA compliance, security features that should be included in online documents are:

• Secure web server – A server should be running secure socket layers. It is the bare minimum required.

• Encrypted database – All data has to be encrypted.  Modern Encryption Software is available that encrypts all the data sent between two computer and any device on the internet.

• Session timeout – This assures that private data is not left unattended and is only viewed by unauthorized personnel.

• Server monitoring – monitoring of the web server is required to detect break-in attempts and hacking attempts.

• Secure access control – Apart from user id and password, for additional security, strong passwords and smart cards should be used.

• Regular security audits – all security precautions need to be checked for their state of readines and proper working. For this regular audits should be carried out.

• Personnel – Qualified personnel familiar with HIPPA requirements should be employees for system maintenance.

Related Hipaa Posts

• June 1, 2010 — Reasons medical businesses should comply with HIPAA regulations
• May 31, 2010 — Increasing Computer Network Security for effective HIPAA Compliance
• April 13, 2010 — Status of claims and remittance advice
• May 25, 2010 — HIPAA Emails compliance – Safeguard your private information
• May 24, 2010 — Factors influencing HIPAA Compliance
• May 20, 2010 — HIPAA Implementation Procedure
• April 24, 2010 — What Are HIPAA Laws?
• April 24, 2010 — HIPAA: What is it?
• April 21, 2010 — Complete HIPAA Guide
• April 20, 2010 — Medical billing software and HIPAA

HIPAA compliance needs specific attention and effort, if any failure to adhere involves high risk of reputation damage, fines starting from $100 to $250,000 and imprisonment varying from 1 year to 10 years. Different various HIPAA management efforts are required for a practice with various different systems for patient timetable, electronic and medical files and billing. This article shows an honest way to HIPAA management adherence and is a summary of main important HIPAA terminology, principles, and requisites to assist the practitioner to adhere to HIPAA compliance through medical billing and software retailers.

The last 10 years of the 19^th century saw a rapid increase of digital technology in health care, with lesser expenditure and much better service quality, also resulted in new and higher risks for accidental revelation of private health information.

Protected Health Information (PHI)

The main requirement of HIPAA is PHI, which covers any aspect that can be required to identify a person and any information or data exchanged or disclosed to other health care providers in any medium viz. digital, verbal, recorded, faxed, printed or written).

Information that is required to recognize a person includes:

1. Name
2. Health plan numbers
3. Zip code not less than 3 digits, telephone and fax numbers, email
4. License numbers
5. Social security numbers
6. Dates (excluding year)
7. Medical record numbers
8. Photographs

Details shared with other healthcare firms or clearinghouses are:

1. Data about treatment and billing
2. Notes made by nurses and physicians

HIPAA principles

HIPAA aims to ensure smooth running of PHI for healthcare operations with the patient’s approval; however, bans unauthorized PHI for any other reasons. Healthcare procedure involves payment, competence review training, treatment, care quality assessment, accreditation, auditing, legal procedures and insurance rating,

HIPAA encourages unbiased information practices and sets guidelines for those who have access to PHI to protect it.

Unbiased information practices means that a person should be permitted to

1. Access to PHI,
2. Rectifying mistakes and completeness,
3. Know who else are using PHI.

Protecting PHI means that the subject who possess PHI should

1. be responsible for self use and disclosure
2. have a legal source to counter violations

Related Hipaa Posts

• May 31, 2010 — Increasing Computer Network Security for effective HIPAA Compliance
• May 29, 2010 — HIPAA and the Internet: Intranet Collaboration Software requirements
• May 20, 2010 — HIPAA Implementation Procedure
• April 20, 2010 — Medical billing software and HIPAA
• August 25, 2009 — CIO Knowledge on HIPAA compliance

The aim of HIPAA implementation procedure is guided by the threat model. It involves presumptions about

1. Nature of threat whether an accidental revelation by an insider or access for profit
2. Source of threat by an outsider or insider
3. Means of likely threat by break in, trespassing, computer hack or virus
4. Specific type of record at risk viz. patient identification, financials, medical, and
5. Scale to keep track of the number of patients data threatened.

HIPAA procedure has to encompass explicitly stated policy, educational materials and events, transparent reinforcement methods, a timetable for examining of and methods for ongoing transparency with respect to HIPAA compliance. Documented policy usually comprises of statement of minimum privilege record access to finish the work, explanation of PHI and event assessing and reporting processes. Educational materials could comprise of case studies, control questions, and a time table of review meetings for people.

Technical Essentials for HIPAA Compliance

Technical essentials of HIPAA progresses go from logical data to network:

1. To ensure physical data center safety, the manager must
   1. Ensure data center is under lock and key
   2. Maintain access list
   3. The activities inside and outside the building have to be monitored with closed circuit TV cameras.
   4. Protect backup data
   5. Protect data center with onsite security
   6. Test recovery process

• · To ensure safeguarding the network, the data center should add facilities for

1. Network access monitoring and report auditing
2. Secure networking which only includes firewall protection and encrypted data transfer.

• To ensure data security, the manager should have

1. Role Based Access Control
2. Individual authentication
3. Audit trails
4. Data discipline

Summary

HIPAA compliance needs specialized practice management attention. A practice with a diverse a number of systems for billing, scheduling and electronic medical records needs more than one different HIPAA management efforts. An integrated system makes the process of HIPAA implementation much simpler. By choosing a good HIPAA compliant provider of ASP or SaaS basis, as an outsourcing partner, HIPAA management expenses can be eliminated.

Related Hipaa Posts

• May 31, 2010 — Increasing Computer Network Security for effective HIPAA Compliance
• May 29, 2010 — HIPAA and the Internet: Intranet Collaboration Software requirements
• May 24, 2010 — Factors influencing HIPAA Compliance
• April 20, 2010 — Medical billing software and HIPAA
• August 25, 2009 — CIO Knowledge on HIPAA compliance

Nowadays it is becoming more and more difficult of find software, which has been prepared in compliance with all the rules and regulations, which come under HIPAA. Such software is very expensive to procure especially for any small-scale medical office. There are many large scale medical offices and medical billing houses which have already adopted some strong security measures and the implementation of the rules and regulations which come under HIPAA will not mean any kind of dramatic change for them. Small medical billing houses and medical offices will not have the right kind of security measures and polices and they will have to implement some drastic changes in order to ensure that they comply with all the rules and regulations which come under HIPAA.

The rules and regulations, which come under HIPAA, have been classified into four main subdivisions namely administrative safeguards, physical safeguards, security services and security mechanisms. There is no specific software, which can be termed as HIPAA compliant software. The medical practice or the medical office should make all the required arrangements in order to ensure that the organization is following all the rules and regulations which come under HIPAA. Compliance of the rules under HIPAA is a responsibility and obligation, which has to be fulfilled by all medical practices and health care organizations. Workstations should be placed in secure locations inside any organizations any person who does not have the required authorization should not be allowed to access this kind of information.

Software which is being used for medical billing as well as for practice management are two of the most vital areas which have been affected by the changes which have been brought about by HIPAA. According to the security rules, which come under HIPAA, if the health information, which is being stored in an electronic manner, needs to be protected, then all the security rules, which come under HIPAA, will be applicable.

Any kind of medical software, which is being used, should have proper facilities for data backup as well as data restoration. All medical providers should make a proper list as to how information is being created and stored and who has access to all this information and whether they have the authority to modify and delete that information.

Related Hipaa Posts

• May 31, 2010 — Increasing Computer Network Security for effective HIPAA Compliance
• May 29, 2010 — HIPAA and the Internet: Intranet Collaboration Software requirements
• May 24, 2010 — Factors influencing HIPAA Compliance
• May 20, 2010 — HIPAA Implementation Procedure
• August 25, 2009 — CIO Knowledge on HIPAA compliance

The meaning as well as importance of the word “process” should be properly understood in terms of all HIPAA rules and regulations since this mainly refers to the security processes, which have been incorporated in any organization. A security checkup or a security audit of all the online information systems, which are being used in the office of the covered entity, will be properly measured in a technical manner. These audits of the security process will help in properly defining the method in which the right kind of security measures should be adopted as well as incorporated in the everyday work life of any employee who is a part of the organization. A proper assessment should be taken of all the shortcomings and loopholes, which exist in the current security setup, and the required solutions should be prepared in order to ensure that all the rules and regulations, which come under HIPAA, have been complied with in the right manner.

When every organization is taking stock of all the networks, which exist within them, they should gain a proper understanding of all the digital components, which make a part of this network. A proper identification as well as understanding of all the assets is one of the first steps which needs to be followed as a part of this process of finding out the loopholes and fixing them. Though this is one of the initial stages, the discovery stage will help in gaining a proper understanding of all the components and devices, which are a part of the network. The Retina will be able to quickly create a map of all the elements and the components, which make up a network.

This is one of the most important phases of the entire security audit process since the entire system will have to be checked for all kinds of vulnerabilities and loopholes. Retina has the superior capacity to identify all the loopholes and vulnerabilities, which exist within the system and this can also function with a lot of speed as well as accuracy.

Related Hipaa Posts

• May 31, 2010 — Increasing Computer Network Security for effective HIPAA Compliance
• May 29, 2010 — HIPAA and the Internet: Intranet Collaboration Software requirements
• May 24, 2010 — Factors influencing HIPAA Compliance
• May 20, 2010 — HIPAA Implementation Procedure
• April 20, 2010 — Medical billing software and HIPAA