Staying HIPAA Compliant with Online Data Storage
By Dave Ewall on Wednesday, May 21st, 2014
Keeping patient records secure and private is the concern of every hospital and health care provider, but they are often overwhelmed with years and years of patient information and a lack of adequate storage space.
Online data storage is a way to address these issues, allowing easier access for patients and easier sharing of patient information between hospitals and doctors, as well as between individual doctors. But everyone wants assurance that these confidential records will remain safe, private, and secure, and will only be accessed by those authorized to do so.
What is HIPAA?
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, was created to protect health information and give patients certain privacy rights regarding their health data. It specifies the safeguards necessary for the administrative, physical and technical handling of patient health information. Generally speaking, this means that only people authorized to view medical data can access that data, and they can access only the minimum amount of information they need to complete their job.
What Type of Security is Necessary?
When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where they can be visibly monitored at all times. When you are storing patient information online, certain precautions must be taken in order to afford each patient the privacy they are guaranteed.
While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection to secure the information. HIPAA does not require online data storage services to have encryption, but it does require that patient information be adequately protected and accessible only by authorized persons. Encryption is the best way to protect that information and ensure secure access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.
Remaining HIPAA compliant is vital to maintaining a good business relationship with the health care industry and to avoiding some very hefty fines. While online storage can mean less worry, work and expense for health care providers, the service is only as good as the security offered.