Does Your Practice Comply with HIPAA Security Requirements?

Did you know that your practice needs to comply with HIPAA Security Regulations to successfully attest for Meaningful Use?

In the age of data breaches and the resulting, significant fines, it is absolutely necessary to secure your data. One of the most important and most easily-mined components of any physician practice is messaging. Many are not aware there is no security when sending emails, text messages and instant messages. Anyone with a laptop and technical background potentially has the capability of intercepting and capturing the data. Imagine you are sending a harmless message about a patient to a colleague. What if that message also included a credit card number or SSN of the patient? If unprotected, even the patient name may trigger a PHI or ePHI violation.

What are your options?

How can you prevent this occurrence?

What might the solutions cost?

The first step is to identify your potential security gaps. Precision recommends examining everything from locks on the doors to your office to complexity of passwords on your PC's, laptops and other devices. One of the many HIPAA mandates includes an annual security risk assessment. Performing this internal evaluation will go a long way in getting your medical practice compliant. As you are likely to find, some of these security flaws can be easily remedied.

Some issues require a more in-depth solution.

Messaging - email, text and instant messaging - is the single greatest threat to security. Fortunately, there are a number of products that will help. With email encryption, solutions are available that reside between your email server and the Internet to flag messages with secure content or attachments. Once flagged for encryption, the message is pulled and an email is sent to the recipient with a secure link to access the email. The process prevents a third party from intercepting the message in transit.

With the prevalence of mobile devices, solutions beyond email encryption are essential as well. Text messaging has become the preferred method for communicating via a mobile device. Unfortunately, this method is also not secure. With text messaging encryption, instead of going to your regular text message to send a text, the user goes to the secure messaging application to send that message securely. If the message is delivered to another user who has the same application, that user will simply receive the message. If the recipient does not have the application, a normal text message is sent with both a link to the message and a link to download the application for future messages.

In addition to email and text message encryption, a number of solutions are available to secure content on mobile devices. This is especially helpful when the user loses his or her phone, or the user leaves the physician practice.

What should you do now?

Precision is here to help. We offer a wide variety of HIPAA-compliant solutions to meet your needs. Precision can host and secure your email, text and instant messaging. Precision can also help with your annual security risk assessments. A security risk assessment is the best way to evaluate the strength of the security within your office and allows us to accurately recommend the next steps to achieve HIPAA security standards.

Your protection and your patients' protection are very important to us. When comparing the per-month cost of becoming compliant to the ever-growing cost of fines and potential loss of business, the decision becomes an easy one.

Please contact Precision's Directors of IT:

Jason Eding

jeding@precisionpractice.com

314-881-5252

or

Wayne Schiermeyer

wschiermeyer@precisionpractice.com

314-881-5225

We look forward to assisting you.