Healthcare in the Age of Data
Making Sure Your Practice Is Compliant with HIPAA Security Standards

As the owner of an allied health business, you'll have to follow HIPAA security standards for all network, computer, and data-related aspects of your business. If you're feeling overwhelmed with these extra data security requirements, you're not alone.

Most medical business owners aren't experts in "IT" (information technology). You probably don't know the intricacies of how a computer network functions or why some technology protects your data better than others.

How do you ensure your business is HIPAA compliant? To start, when you hire an IT consultant to set up your office network, look for someone who is familiar with HIPAA privacy rules.

But you can't rely completely on your IT contractor. Let's look at the basic HIPAA requirements you'll need to fulfill to protect patient data and be compliant.

What Tech Standards Does My Practice Need to Meet to Be HIPAA Compliant?

Below are the technical aspects of HIPAA compliance. These are the practices you'll need to observe with your technology and data in order to be HIPAA compliant.

  1. When transmitting data over an open network, use encryption. When you transmit data to an outside party like another healthcare provider, you'll need to send it in an encrypted, secure form. Use HIPAA compliant email that offers full encryption or other secure file sharing systems.
  2. When transmitting data to an outside party, you'll need to take additional steps to authenticate data transfers. Use passwords, telephone callback, and other authentication systems to authenticate the transfer.
  3. Take measures to secure your network. IT professionals can secure your network from outside data thieves who are trying to break in. Basic security measures will involve installing anti-malware programs, encrypting data while it's stored, using complex passwords, having routers that meet higher security standards, and not allowing remote access.
  4. Limit access to data on your network to ensure that data has not been changed, deleted, or tampered with.
  5. It's not enough to enact these measures; you'll also have to document the efforts you take to secure your network. Update this documentation whenever you change your network configuration and upgrade your systems.
  6. Prevent data errors by using checksum functions, double-keying, and other data corroboration techniques. If your organization is large enough to divide data entry tasks among employees, it's smart to have multiple personnel check and oversee different stages of data entry.
  7. Conduct a thorough risk analysis of electronic PHI data systems. This involves identifying which data is protected, taking measures to secure incoming and outgoing data, and identifying potential risks to its security (cyber risks, physical theft, etc.). See HHS guidelines for HIPAA Risk Analysis [PDF].

What HIPAA Requires When You Hire Outside Contractors

Most healthcare businesses outsource some aspect of their business. Whether it's for billing, referring patients to specialists, or hiring an IT professional, you might have to give an outsider access to your data. When you do this, you'll need to make sure the contractor (i.e., the Business Associate) is also HIPAA compliant.

The Department of Health and Human Services requires you to have documented proof the BA who has access to your data knows and follows HIPAA privacy rules. How do you do this? Use a Business Associate Agreement.

A BA Agreement is a contract that lists HIPAA requirements and requires your contractor to follow them. To make sure you're HIPAA compliant, use HHS's Business Associate Agreement sample provisions.
