The stringent HIPAA security compliance norms make it mandatory for all entities such as hospitals, insurance providers, payers, billing services, insurance plans and medical personnel to strictly adhere to the laws relating to the safe transfer and storage of confidential patient health information. To achieve HIPAA security compliance, it is necessary to implement a few steps, which are categorized below.

Establish Physical Safeguards

Computer networks play a crucial role in the processing, storage and exchange of patient health records between different health care entities. Physical access to crucial information can be safely managed by following these steps:

- Create and implement a policy that authorizes only a limited number of trusted people to access the confidential patient health data.
- Install workstations and computers in safe areas of the facility, where they are accessed only by authorized personnel. Devices like computers, fax machines, printers and copiers should be placed so that unauthorized people cannot view patient health data.
- All computer programs should be protected by passwords and user IDs to prevent unauthorized access. The passwords should be securely managed so that unauthorized people cannot access them.
- A security system should be in place that manages passwords efficiently and guarantees the safety of the patient health information whenever staff members change positions or somebody leaves the organization.
- All storage devices, backup tapes and computer equipment should be accounted for, and a proper log book should be maintained.
- All paper documents that contain patient health information but are not needed in the office should be shredded so that nobody else can lay their hands on them.

Enhance Computer Network Security

It is necessary to maintain a proper record of the hardware and software installed in the facility, and to understand their role in processing the patient health information safely. Risk analysis should be done by creating a flow diagram of the work process so that loopholes in the system can be identified and removed. The computer network should be protected from virus attack or hacking by adopting the security measures mentioned below:

- Install appropriate gateway security that has the capacity to deeply inspect web content and filter out unwanted elements like debilitating software and viruses.
- Antivirus solutions, digital signatures and firewalls should be in place to negate any online threat.
- A proper encryption procedure should be followed when sending crucial health data from the organization's network to the public network. The information should be strongly encrypted to protect it from unauthorized access or interception.
- The security system should continuously monitor the network for any suspicious activity and alert the administration to any unwanted deviation from the standard procedure by raising an alarm.

Educate Staff on HIPAA Security Compliance

A well-trained staff is the backbone of a successful organization. It is of utmost importance for an organization to increase awareness of the importance of safe handling of patient health information. It protects the healthcare facility from lawsuits due to noncompliance with HIPAA norms by an employee or employees. The organization should:

- Provide staff access to HIPAA-compliant training courses and seminars to increase their knowledge of HIPAA norms.
- Provide training in password management and virus protection.
- Train staff on how to efficiently maintain logs and audits.
- Carry out periodic reviews of workers' HIPAA security compliance training status and update them regularly on the latest developments to hone their skills in safely managing patient health information.
- Provide training on managing the backup system as per the contingency plan, in case of a natural or man-made disaster, with the aim of protecting the health data and keeping crucial operations running.

Hence, for an organization to achieve the requisite HIPAA security compliance, it is necessary to smoothly integrate the software, hardware and personnel so that all of them work in a cohesive manner, ably guided by an administration that continuously monitors, provides feedback and places safeguards to ensure secure handling of the patient's crucial health information.