HIPAA, the Health Insurance Portability and Accountability Act, is a federal law enacted by the U.S. Congress to provide security and privacy for protected health information (PHI). Because of technological advancements in health care, HIPAA standards must be integrated into electronic systems.
Password Protection
Computers should be password-protected so that only authorized users have access to the information stored on the hard drive. Technological safeguards must be in place to automatically lock computers after they have been idle for a few minutes, in case the user forgets to lock the computer. Sharing passwords with other people is considered a HIPAA security breach.
Encryption
PHI is shared and exchanged electronically, sometimes over email. Emails containing PHI must be encrypted so that the message can be opened only with the correct pass-code. The sender of the email sets the pass-code, which can be shared with recipients so they can open the email message. PHI that is exchanged electronically without being encrypted is at risk of being intercepted by cyber-hackers, and sending it that way qualifies as a security breach.
Audit Controls
According to the U.S. Department of Health and Human Services website, HIPAA requires audit controls to ensure technological safeguards for electronic PHI. The rule states that hardware, software and other procedural mechanisms must be implemented to record and examine all activity within information systems that house PHI. Audit controls show security teams who is accessing and retrieving information, which helps them determine whether there are unknown security breaches.