The Health Insurance Portability and Accountability Act (1996), or HIPAA, is a law intended to bring order and uniformity to the security of patient health information.

Before HIPAA, there was nothing in this regard: rules on health and the security of personal information varied from state to state, and even among insurers and physicians, which ended up causing many doubts and problems, such as "If my clinic operates in different states, which law shall I apply, and will I be compliant?".

It is worth mentioning here that HIPAA takes into consideration only the electronic transmission of data, making a clear distinction between electronic information and paper information. There is no differentiation by the size of clinics and offices, though: all of them need to be compliant with HIPAA, and mental health professionals need to be careful and follow even stricter security laws.

Basic HIPAA security recommendations

HIPAA considers any data saved in software, or shared with third parties such as insurers or banks, to be electronic transmission and communication; therefore those third parties need to be compliant and follow the law too.

Even if you have some security protocols in place, or the EHR software that you currently use has some level of security, it is still necessary to document what those protocols are, and all of your staff and workers need to be properly trained on HIPAA's security and privacy policies.

HIPAA can be divided into four big groups: the privacy rule, the security rule, the enforcement rule and the Omnibus rule (HITECH).

The one most concerned with security is the security rule, which sets the standards of security for personal health information and protects that information in its electronic transmission. It requires administrative, physical and technical security procedures to safeguard information and to support the privacy rules in keeping health information safe, in any form in which it presents itself.

Some examples of the basic rules of security and privacy are:

  • Train all the workers and staff on the procedures of privacy and security;
  • Correctly dispose of any type of document containing personal health information protected by the security rule;
  • Make sure that every person with access to the medical records has an individual login and password;
  • Designate a trusted employee to oversee the security protocols and procedures adopted, ensuring that there are no failures, or that in the event of failure, it is communicated and duly corrected;
  • Create internal policies and procedures, training employees in them, so that they are executed correctly;
  • Provide training to all employees in the software and other systems used by the clinic;
  • All employees must have a unique and individual access login and password;
  • Limit access to restricted areas of the clinic;
  • Create a procedure for patients and staff stating how, or to whom, they can complain about non-compliance with any of these rules.

Although the Act is about policies and security of data transmitted and stored electronically, it is necessary to ensure that the entire structure of the clinic is safe, not just the systems used. For this reason, HIPAA has 75 requirements considered critical for maintaining the security of information regarding the health of a patient and his clinic.

The Ninsaúde Apolo medical software already complies with several of the HIPAA guidelines. Not a Ninsaúde Apolo user yet? Contact the sales team and request a demo to learn about the other features and advantages of the product. Visit the Apolo website.