HIPAA, or the federal Health Insurance Portability and Accountability Act, was introduced in the U.S. in 1996, as a way to ensure the confidentiality and security of healthcare information. With HIPAA came standards regulating who can access a patient’s healthcare information and act in his or her name in case of emergency, how healthcare professionals can use confidential patient information to complete their duties, and how to protect that information in transactions outside the clinic or facility.
However, the dawn of the digital age brought about new problems within healthcare information security. As we discussed in our previous blog, while cloud computing has revolutionized the way the healthcare industry functions, it has also created certain new vulnerabilities in the way of patient information. Especially with the advent of Obamacare, forcing the digital transmission of patient information with outside entities like Medicare, it’s more important than ever that your IT infrastructure is HIPAA compliant.
One of the most important features of your infrastructure to note is your email client. Your email stores information in your inbox as well as transmitting data to outside users, meaning that both ends of the transaction require security measures. As of this moment, only Microsoft’s Office 365 is recognized as fully HIPAA-compliant, as it is the only company that will sign a Business Associate Agreement, which acts as a contract between the HIPAA-covered client and the partner to help protect personal health information.
Secondly, and it may seem like a minor detail, medical facilities must make sure their operating systems are up to date. Even with a no-holds-barred antivirus program, running your infrastructure on operating systems from 2003 or before means that Microsoft is no longer sending you regular updates–including security patches and virus blockers. Once you lose manufacturer support, your office is no longer HIPAA compliant. Even though manufacturers generally release information about the end of life of their operating systems, if you haven’t gotten up to date, you can take a piecemeal approach to implementing new software so you don’t have to perform a complete overhaul of your IT.
As a final point, it’s time to learn a bit more about security systems. We’re not talking about door alarms and nighttime cameras; while these tools are great in the event that someone should enter your office and physically steal your computers, they won’t do anything to stop the increasingly common remote hacker. Even a long, complicated password isn’t enough to cut it by now. Your infrastructure needs serious encryption measures to help make sure stolen information is not usable. This is a task that requires the experience of a professional so you can ensure your patients’ information is safe and sound.
If you’re unsure whether your medical facility has a HIPAA-compliant infrastructure, be proactive about fixing any errors. Get in touch with the IT and security experts at Firewall Computer Systems by calling (407) 647-3430 today.