HIPAA in a Nutshell - Guidelines for Compliance with EMR and Paper Medical Records-2

HIPAA in a nutshell

HIPAA has two rules: confidentiality (2003) and security (2005). Both rules require:

- Identifying possible threats,

- Removing certain vulnerabilities,

- Determining proper and reasonable safeguards, and

- Using the necessary defense mechanisms and policies.

With an EMR (electronic medical record), there are no absolute rights and wrongs in computer hardware or software for complying with HIPAA requirements. There are usually four areas to explore:

- Physical security - is it possible to steal your computers with patient data?

- User security - can anyone enter the patient database?

- System security - what happens when a hard disk crashes?

- Network security - can unauthorized persons outside your facility have access to patient data?

The use of paper medical records raises similar questions:

- Physical security - how safe are files from fire and theft?

- User security - what means of access control and logging exist?

- System security - what happens during a fire or flood?

- Storage access - are files kept in a locked, protected area?

HIPAA fines

There is a civil fine of up to $100 per person per violation and up to $25,000 per year for the same violation. There are 30 days to correct the problem if it is not due to intentional neglect.

Criminal sanctions apply for "misuse" and for obtaining or using medical information under "false pretenses" or with the intention to sell, transfer or use it for commercial or personal gain or malicious harm. These penalties are up to $250,000 in fines and five years in prison.

Currently there is no truly effective enforcement authority.

HIPAA Compliance "rules of thumb"

With an EMR, most requirements are common sense, and providers do not need to worry too much, but compliance does require some basic steps, such as:

- Keep your computer server in a secure, locked room,

- Use an EMR with user management and permissions,

- Make regular backups and keep them in a safe place and

-Volume specialist computer.

Most medical practices and clinics using paper records must make physical changes to comply with HIPAA. If you continue to use paper, then there are many physical difficulties:

- How to control staff access,

- Protection against fires and floods (insurance is not enough)

- A disaster plan (one that is documented and practiced).

Finally, if a lawsuit is filed, the provider, to protect itself, should have a trail of who accessed the patient's personal information. For paper records, this means, at a minimum, a traceable sign-out sheet, and for an EMR, a log entry for each user who accesses the patient file.



