A roundup of articles and Absolute resources to help your HIPAA compliance goals
HIPAA (The Health Insurance Portability and Accountability Act) had a watershed moment for healthcare in the U.S. now more than 25 years ago. Signed into law in August of 1996 by President Bill Clinton, it did a range of things all at once, from protecting people’s access to health insurance to how your protected health information (PHI) is handled. While HIPAA has been the law for some time, staying in compliance with HIPAA is an increasingly challenging endeavor as the threat landscape grows.
Title II of HIPAA, Final Omnibus Rule, and HITECH cover data privacy
This post isn’t intended to cover all the facets of HIPAA, just the data privacy ones. There are five sections within the law, but only one, Title II, covers data and privacy. Title II covers patient access to PHI (your right to see and get your data) as well as how the data is protected. In 2013, the Final Omnibus Rule Update added the security protections included in the 2009 HITECH (Health Information Technology for Economic and Clinical Health Act) law that included breach disclosures for all companies covered by HIPAA.
Together these laws, rules, and court decisions form the foundation of HIPAA data compliance, which boils down to one simple premise: Protect PHI from people who shouldn’t have access to it and make sure the people who do can access it securely.
It’s how to achieve this goal that’s the challenging part. From the HIPAA Compliance Checklist for 2020, there are three important safeguards:
- Administrative: who should have access and how are they authenticated
- Physical: how files and access to machines are protected, including how data is disposed of
- Technical: encryption, electronic storage, and data exchanges
To ensure you are fully compliant with HIPAA, each of these needs its own set of processes and procedures.
Your HIPAA reading list
Absolute has an entire practice focused on protecting health systems and protected health information and over the years, our experts have written posts that cover every part of HIPAA compliance.
- What is HIPAA Compliance and Why is it Important to Healthcare Security?
- A deep dive into HIPAA compliance and what the consequences are if you have a breach or you are found to be out of compliance (the short answer is the consequences are costly).
- HIPAA Compliance Checklist
- This post was mentioned above and gives you a place to start your compliance process. While HIPAA compliance isn’t just about checking off boxes, checklists help you focus on the people, systems, and tasks needed in your compliance program.
- HIPAA Privacy is About More Than Just Compliance
- If you think HIPAA compliance is just an IT exercise, you are missing a big part of the HIPAA puzzle. HIPAA treats PHI as a <em>civil rights issue</em> which means violations are taken far more seriously than other compliance activities. When someone’s PHI falls into the wrong hands or simply mishandled (like documents recycled without being shredded) you have violated a person’s civil rights to protection of their privacy. The Cybersecurity Insights video in this post explains more about how compliance is only part of the exercise.
- HIPAA Security Rule: Protecting Privacy and Improving Patient Care
- This is a follow up post to the one above gets into more of the technical requirements for compliance with another video to break things down for you.
- Escalating Risks to Healthcare Data
- When PHI was only in file cabinets and big servers, it was easier (not easy though) to protect data. Today with laptops, smartphones, wireless diagnostic equipment, Internet of Things (IoT) on networks, there is a lot more to worry about. Devices healthcare professionals carry with them can be lost, stolen, or hacked. IoT devices such as personal wearables or facility control systems can be the portal to network vulnerabilities, opening the door for hackers to breach systems. There is a lot more to think about today, and your compliance program needs to include all of these risks.
- Avoid Security Breaches in Healthcare with Data Visibility
- You can’t manage risks you can’t see. One of the cornerstones of all Absolute solutions is the tamper-proof visibility into all the endpoints that access your network. If a laptop goes missing—you’ll see it and be able to manage it.
Customer success
While achieving HIPAA compliance is challenging, it’s not impossible. Read how one Absolute customer improved their overall security while also becoming HIPAA compliant:
How Greenville Health Systems Improved Endpoint Security and Achieved HIPAA Compliance
How Absolute can help
Becoming HIPAA compliant is a lot easier when Absolute is in your corner. You can read more about how you can protect PHI in 7 steps and then get in touch for a demo with a security expert to understand how Absolute can help you with a range of data and security solutions.
