HIPAA and Protecting Patient Information

November 10, 2014
149 Views

The Health Insurance Portability and Accountability Act (HIPAA) has many physicians nervous about their responsibilities in protecting patient information. Respecting patient privacy has always been both a moral and legal issue, but new technologies raise new questions about how to safeguard confidential information.

The Health Insurance Portability and Accountability Act (HIPAA) has many physicians nervous about their responsibilities in protecting patient information. Respecting patient privacy has always been both a moral and legal issue, but new technologies raise new questions about how to safeguard confidential information.

hipaaElectronic protected health information (EPHI) refers to individually identifiable health information that is created or stored electronically. Like a traditional chart, strict rules govern who can access EPHI.

In my next post, I’ll tell you about specific ways to control access to patient health information. Today, I’ll focus on the broader issue of data security.

HIPAA requires healthcare providers to assess their data security risks and take reasonable measures to safeguard patient information. Choosing the right electronic medical record (EMR) software is essential to keeping data secure and complying with HIPAA guidelines. 

EPHI Encryption

Encryption is a method of encoding data that allows only authorized readers to properly view it. Encryption makes data indecipherable—or cryptic—to unauthorized eyes. Intended audiences, such as physicians and administrators, are able to view data when they possess a key. Effective keys can be as simple as username-password combinations and as complex as biometric recognition of fingerprints or retinas.

While EPHI encryption is not yet required by law, the Department of Health and Human Services recommends encryption as a best practice for protecting patient information. The best EMR softwares encrypt this data at all times—in transmission and at rest. 

protecting patient information

Most internet users are familiar with little lock icons near the address bar. These icons tell you when your transmissions are encrypted.

However, many users don’t realize that data at rest on their hard drive may not be encrypted. It is important to encrypt data at rest to protect confidential information in the event of loss or theft.

Theft and loss of unencrypted hard drives and portable devices account for the majority of HIPAA breaches.

hipaa breachesSource: The Proftiable Practice

The risks of theft and loss can be further mitigated by storing data on dedicated off-site servers—in the cloud.  

What About Cloud Solutions?

Cloud-based solutions are not inherently more or less secure than on-premise solutions. It’s all about how the system is set up and the software it uses.

While running an EMR on a cloud provider may seem more vulnerable, the crucial factor is the security measures put in place by the provider. The same is true for on-premise solutions—nearly all of which also have exposure to attacks from the internet. Cloud-based solutions are often more secure because they are managed by expert teams—something that smaller organizations may not be able to afford on-premise.

What is clear is that cloud solutions for healthcare providers must provide access controls and encryption to prevent security breaches. The best cloud networks use encrypted storage, not only for active data, but also for backups. 

Cloud solutions decrease the burden on hospital IT departments and save smaller clinics the costs associated with building and maintaining expert security systems. Choosing the right cloud provider is one strategy to simplify the complexity of meeting HIPAA standards.

You may be interested

Where Is The Balance? Pushing Back Against Consumer Health Tech
eHealth
3 views
eHealth
3 views

Where Is The Balance? Pushing Back Against Consumer Health Tech

Larry Alton - August 18, 2017

When Republican Congressman Jason Chaffetz glibly remarked that Americans struggling to afford insurance should choose between that and their smartphones,…

What to Look for in Patient Solutions Software
eHealth
365 views
eHealth
365 views

What to Look for in Patient Solutions Software

Robert Cordray - August 17, 2017

The medical sector is one area where technology has had a significant impact, largely by providing tools that simplify many…

Can Natural Remedies Like RediCalm Decrease Stress and Anxiety?
Wellness
2 views
Wellness
2 views

Can Natural Remedies Like RediCalm Decrease Stress and Anxiety?

Ryan Kh - August 16, 2017

According to research from the National Institute of Mental Health, anxiety disorders are the most common mental illness in the…