HIPAA

HIPAA was enacted to improve Medicare/Medicaid and the efficiency and effectiveness of the health care system by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of health information.

HIPAA applies to health plans, health care clearinghouses and any health care provider who transmits health information in electronic form.

Non-compliance with HIPAA can result in penalties and fines. More importantly, non-compliance can damage how patients, doctors and the general public perceive the quality of the health organization.

To comply with HIPAA, the primary goal should be to secure the personal health information of consumers. HIPAA requires health organizations to follow mandated security standards and to implement safeguards against the unauthorized breach of confidential information. Safeguards should:

  1. Ensure the integrity and confidentiality of the information;
  2. Protect against any reasonably anticipated threats or hazards to the security or integrity of the information;
  3. Protect against the unauthorized uses or disclosures of the information;
  4. Ensure compliance with HIPAA by the employees and officers of health organizations.

Recommended methods for compliance include:

  • Setting up policies and procedures that reduce information security risk levels.
  • Ensuring that information security is addressed throughout the lifecycle of the information system.
  • Providing security awareness training.
  • Designing plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the healthcare organization.
  • Annually obtaining 3rd party verification of the security program and practices to determine their effectiveness.

Dynamic Computer Corporation’s Network Security Solutions practice can test the vulnerability of your network, provide remediation strategies, perform independent audits, provide business impact assessments to determine risk and offer social engineering to effectively train employees.