How to Comply with the HIPAA Privacy Rule

The Health Insurance Portability and Accountability Act, HIPAA for short, was enacted by U.S. lawmakers in 1996 to set out strict principles and practices governing the safety and security of health-related data. Later, in 2003, the Act was reinforced by the Privacy Rule, which safeguards the privacy rights of health professionals and their patients through a set of legal rights that regulate access to Patient Health Information (PHI).

Health professionals initially used Electronic Data Interchange (EDI), a standardized computer-to-computer data transfer method that requires no human intervention, to submit claims from their practice management systems to clearinghouses and insurance providers. With EDI, only a small portion of PHI, such as diagnosis and procedure codes, was accessible, and only to a very few administrative parties. Once practices began adopting Electronic Medical Records (EMR, a kind of digital chart holding the health and treatment history of a practice's patients), electronic prescriptions and online communications, however, PHI became accessible to many clinical and administrative employees, from many locations, throughout the day.

Tips for complying with the HIPAA privacy and security rule

In practice, many obstacles stand in the way of compliance with the Privacy Rule, among them insufficient management support, a lack of resources, and the cost of training staff. The following tips will help in the process.

– Make sure that every health employee has an individual password for logging in to computers; shared accounts make it impossible to trace who accessed PHI.
– Implement access-control add-ons in management systems so that PHI is available only to employees who need it for their work and access is denied to everyone else.
– Keep computer backups safeguarded or locked away.
– Place computer monitors where the general public and unauthorized employees cannot read PHI when passing by.
– Use screen savers that blank every computer monitor when it is not in use and require a password to resume.
– When sending or receiving PHI by email or fax, the messages must be encrypted. A HIPAA-compliant online fax service such as Concord is recommended.
– When a staff member leaves the practice, cancelling their computer password and disabling any remote access is mandatory.