At Quality Computer Services, we take HIPAA compliance and the security of your data seriously. As you’ve probably heard, HIPAA (Health Insurance Portability and Accountability Act) is a multifaceted approach to securing the privacy of patient information.
How do I become HIPAA compliant?
HIPAA compliance cannot be obtained by a single test, piece of hardware or set of security measures. Instead, it is the sum of how healthcare employees as well as the professionals they work with, disclose patient information, interact with medical records, secure their network, store and backup data and more. A company becomes compliant by actively meeting the criteria of each area.
HIPAA Certified – is it really a thing?
Many people in the healthcare industry are surprised to find Regulated HIPAA certification is not actually a thing. IT professionals don’t have to be HIPAA certified anymore than healthcare providers do. But those course instructors have to make a buck somehow right?
What will Quality Computer Services do to keep my organization HIPAA compliant?
We work hard to keep every network secure. When working with medical practices, we go the extra mile to keep your technology compliant. We provide knowledge to help employees understand how to access data securely and we strive to make every instance and transaction true to HIPAA compliance, when it is applicable. Below is a list of several key areas of compliance we discuss with our medical clients, and highly recommend their practice:
Use of firewall appliance for gateway layer security on your network
Use of VPN or HIPAA compliant cloud service for remote employee access to the network
Use of known reliable antivirus program on workstations
Password complexity requirements on desktop login (8+ characters with upper, lower, caps, symbol)
Password complexity requirements on webmail based login (10+ characters with upper, lower, caps, symbol)
Password changing requirements (every 30 days)
Quarterly gateway layer reports of network activity
Servers stored in a locked space with keys inaccessible to non management team members
Is that it? So you’ll take care of it then?
We certainly do our part. At the end of the day it is up to the employees and management to follow our roadmap rather than find substitutions or alternatives to our technologies and recommendations.
Wait a sec, who’s side are you on anyway?
Quality Computer Services is always on our client’s side. We work with our clients in more ways than one and strive to meet every need.
What’s the concern if my organization is not fully compliant?
There are three possible scenarios of concern when it comes to non compliance:
1) The HIPAA audit program – The Office For Civil Rights (OCR) can inspect your business practices and network at random. If your network, technology or data interaction does not abide by HIPAA standards you may be subject to fines and will be forced to change some business practices to meet the criteria of HIPAA protocols. If your business is caught in what appears to be severe or blatant disregard of data confidentiality then your business could be shut down. In my opinion this seems rare, but it happens.
2) A patient finds out and files a complaint about a security breach on their own records. When a customer files a complaint, they are filing it with the OCR. In which case, the outcome can be the same as above.
3) A patient finds out and files a lawsuit about a security breach on their own records – A patient could conceivably choose to take legal action against the healthcare entity if a breach was discovered.
So this HIPPA compliance stuff will make my job easier, right?
Not exactly. The purpose of the regulations are to make getting patient information into the wrong hands literally impossible. Unfortunately HIPAA compliance is often regarded as boring, inefficient and downright frustrating. That being said, there are ways to make the process less cumbersome and getting us out to your offices is a great way to start. When it comes to HIPAA compliance, we’ve made technology, security and privacy our primary focus so you don’t have to.