Is Your Solution HIPAA Compliant?!

Quick Tips on Meeting HIPAA Compliance Standards

HIPAA laws have changed again, the latest development being the 9/23 'Final Rule', which has seen a major crack down on the way HIPAA covered entities handle ePHI's (Electronic Protected Health Information). Here are some quick tips for those of you faced with the seemingly daunting task of reaching compliance standards.

• The real question is not whether the solutions or tools you are using are compliant or not, but, rather, if your plans to implement them are. Compliant tools used incorrectly, can leave you at risk.
• There are two ways to meet the U.S Dept. of Health and Human Services' standards for ePHI compliance: Encryption or Data Destruction.
• Develop a thorough plan that considers all instances of ePHI exposure (on what devices and with which employees)
• Use a solution or took that will enforce encryption of ePHI when stored on device (e.g. PCs, phones, USB storage)
• Select tool(s) that will protect ePHI (e.g. access control or destruction) when password or authentication is breached (and encryption ineffective), Page 4
• Ensure the employee is not depended upon for execution of security policy
• Make sure the tools or services are easily managed