In HIPAA there are four rules that one needs to follow. These are as follows:
● HIPAA Privacy
● HIPAA Security
● HIPAA Enforcement
● HIPAA Breach Notification
HIPAA Security Policy:
Proper administrative, technical and physical aspects need to be covered in order to make sure that the confidentiality of protected health information (PHI) is maintained. Let us now look into the three main aspects of the HIPAA security policy:
1. Technical Aspects:
This mainly covers the technology side and consists of five standards: Access Control, Audit Controls, Integrity, Authentication and Transmission Security. The things that one will have to implement are:
● Controlling the access and following unique user identification methods
● Procedures to gain access to the PHI in case of emergencies
● Following procedures for automatic log off and for encrypting and decrypting data in a proper manner
● Following strict HIPAA Audit policies in order to record the activity in the information systems.
● Implementing strict authentication procedures and transmission control procedures.
2. Physical Aspects:
This covers physical access to the PHI. The four standards here are Facility Access Controls, Workstation Use, Workstation Security, and Device and Media Controls. The things that you need to follow here are:
● Implementing policies in order to prevent unauthorized physical access to the data
● Preventing theft or leaking of confidential data
● Following strict access controls and validating the procedures in a proper way
● Maintaining proper records and making sure that proper measures are taken in order to maintain the security of the workstation
● Following proper procedures for backup of data, re-use of media and data, storage of data and disposal of data.
3. Administrative Aspects:
This covers the procedures with regard to the conduct of employees. The nine standards included here are: Security Management Process, Assigned Security Responsibility, Workforce Security, Information Access Management, Security Awareness and Training, Security Incident Procedures, Contingency Plan, Evaluation, and Business Associate Contracts and Other Arrangements.
Here you will have to carry out risk analysis, risk management, review of the various procedures, etc. It will also involve appointing the right staff, who have a proper HIPAA certification and a proper understanding of all the policies.
As you can see, one needs to follow a number of tedious steps in order to become HIPAA compliant.