The Health Insurance Portability and Accountability Act (1996), or HIPAA, is a law that brought order and uniformity to the security of patient health information.
Before HIPAA, there was nothing in this regard: the rules for health data and the security of personal information varied from state to state, and even among insurers and physicians. This ended up causing many doubts and problems, such as "If my clinic operates in different states, which law shall I apply, and will I be compliant?".
It is worth mentioning here that HIPAA takes into consideration only the electronic transmission of data, making a clear distinction between electronic information and paper information. There is no differentiation by size of clinic or office: all of them need to be compliant with the HIPAA law, and mental health professionals need to be careful and follow even stricter security laws.
Basic HIPAA security recommendations
HIPAA covers the electronic transmission and communication of any data saved in software or shared with third parties, such as insurers or banks; therefore, those third parties need to be compliant and follow the law too.
Even if you have some security protocols in place, or the EHR software that you currently use has some level of security, it is still necessary to document what those protocols are, and all of your staff and workers need to be properly trained in the security and privacy policies of the HIPAA law.
HIPAA can be divided into four big groups: the Privacy Rule, the Security Rule, the Enforcement Rule, and the Omnibus Rule (HITECH).
The one most concerned with security is the Security Rule, which sets the standards for the level of security of personal health information and protects that information during its electronic transmission. It requires administrative, physical, and technical security procedures to safeguard information, and it supports the Privacy Rule in keeping health information safe, in whatever form it takes.
Some examples of the basic rules of security and privacy are:
- Train all the workers and staff on the procedures of privacy and security;
- Correctly dispose of any type of document containing personal health information protected by the security rule;
- Make sure that every person with access to the medical records has an individual login and password;
- Designate a trusted employee to oversee the security protocols and procedures adopted, ensuring that there are no failures, or that in the event of failure, it is communicated and duly corrected;
- Create internal policies and procedures, training employees in them, so that they are executed correctly;
- Provide training to all employees in the software and other systems used by the clinic;
- All employees must have a unique and individual access login and password;
- Limit access to restricted areas of the clinic;
- Create a procedure for patients and staff stating how, or with whom, they can file a complaint about non-compliance with any of these rules.
Although the Act is about the policies and security of data transmitted and stored electronically, it is necessary to ensure that the entire structure of the clinic is safe, not just the systems used. For this reason, HIPAA has 75 requirements considered critical for maintaining the security of information regarding a patient's health and their clinic.
The Ninsaúde Apolo medical software already complies with several of the HIPAA guidelines. Not a Ninsaúde Apolo user yet? Contact the sales team and request a demo to learn about the other features and advantages of the product.