The U.S. Department of Health and Human Services (HHS) has created a series of informative videos offering tips and advice for covered entities and those that need to meet HIPAA compliance. This particular video showcases the HIPAA Security Rule and five high-level overviews and realistic applications of the rule.
While this is a definite step in the right direction for the OCR’s attempts at spreading awareness with an easier-to-understand and more practical approach, I hope they continue to delve even deeper into educating the public about HIPAA.
Transcription of the main points of the video below:
How do you get started on creating a security plan for your office?
- Experts recommend beginning with a risk analysis – a risk analysis can help you establish the safeguards you need at your practice.
- Develop and put into place administrative safeguards – those are office rules and procedures that keep your data secure. For example, you need to decide what information each staff person should have access to.
- Your plan needs to include physical safeguards – like, positioning computers and printers out of patient areas; security locks, or an alarm system.
- Install technical safeguards – this can include hardware, software, and any other technology that limits access to electronic health records. For example, a software program that keeps computer viruses out of your information system, or tracks who accesses patient information and who makes changes to patient records.
- Encrypting health records stored on computer hard drives is a vital step in keeping information confidential.
Keeping your health information secure is an ongoing process – making security part of your office routine requires diligence. But it’s the only way to protect your patients’ information and to protect your practice from fines and penalties.
References:
HHS on YouTube