Posts Tagged ‘HIPPA’

Report of numerous data breach events has created panic in people. Patients are no longer sure whether to trust doctors or the management authority. While HIPAA constituted safety rules against theft of Protected Private Information, no concrete implementation of Violation laws can be cited.  However with reputation at stake, hospitals and other medical care units are trying their best to follow HIPAA measures that has been designed to protect health care sector from external technical raids, interference and data breach incidents.

 HIPAA / Health Insurance Portability and Accountability Act focuses on security aspects of using electronic medical reports (for storage and transfer) . For an administrator of a hospital it is impossible to file records in the manual way. Therefore most hospitals have a computing system that can help with remote access, data collection, and maintenance and relocation of important documents and records. To secure such extensive information, HIPAA recommends using security tool-kits. One such tool was recently introuduced by The  National Institute of Standards and Technology.  You can download a free copy of here.

 HIPAA security tool-kits can be applied to both small and large scale business. Such tool-kits contain operation manual in the form of guide book, video etc. security tool kit   helps in thorough risk management. There are numerous HIPAA security tool kits in the market: CPRI kit, NCHIC’s HIPAA overview tool, SEI’s Self risk assessment tool, WEDI’s HIPAA security summit implementation and many more.

 CPRI kit can mitigate daily risks through constant updates on security laws, implementing deploy technology and augmenting patients co-operation. It also caters to issues in Electronic usage; like faxing, mailing, maintaining HCFA internet policy and prevention of internet hacking. Overall such program consolidates disaster recuperation and business expansion plans,

 To properly utilize security tools the first and foremost thing that the management can do is prepare a risk-assessment plan. This way identifying the problems will become easier. Designing appropriate policy and contracts pertaining to the industry (look up HIPAA, FTC, PPI, and HHS laws) is also an important step. security tool-kits are designed to perform such tasks in a calibrating manner.

 To avail HIPAA security tool kit, look up internet and start analyzing. To choose the right application/ tool-kit, you can consult online personnel. Security tool-kits should be able to address all HIPAA concerns. Another alternative is to check with NIST’s (National institute of Standards and Technology) advanced HIPAA toolkit that has been recently launched.

 This one encompasses all basic security issues, like access control, physical security and back-up; disaster-management program, like legal procedures to undergo after a breach event; risk management issues; and both employer and patient’s personnel issues.

How much a potential HIPPA security violation can cost a health care provider?

In a recent incident, HHS entered into a resolution agreement with the UCLA Health System to settle the potential violations of the Privacy and Security Rules.  UCLAHS agrees to settle the complaints for $865,500 and has dedicated to a corrective action plan that will fill in the gaps in its compliance with the rules.

Basis of investigation was complaints filed on behalf of two known celebrity patients claiming that University of California Los Angles Health System employees repetitively and without acceptable reason looked at the electronic protected health information of these and other UCLAHS patients.

Investigators also found that UCLAHS did not provide and/or document the provision of necessary and appropriate Privacy and Security rule training for all the members of its workforce to carry out their job duties

Authorities also pointed that UCLAHS failed to implement security measures sufficient to reduce the risk of such impermissible access to protected electronic health information by authorized users to a reasonable and appropriate level.

You can read the detail resolution here.