HIPAA Compliance is a set of standards for handling sensitive information that pertains to a patient's health data, known as Patient Health Information (PHI). Enforcement of these regulations has become more rigid as more medical offices have transitioned from physical health files to a digitized environment.
If you are concerned about your office's methods for gathering, storing, and accessing PHI, the following checklist is a good place to start.
- Passwords are set to expire and change every 90 days
- Screen lock on devices is automated
- A firewall is set up to track and alert on malicious activity
- Backups are completed daily and replicated offsite
- Computers are encrypted
- Email encryption capabilities are available
- Anti-virus is installed on every device
- Endpoint detection is installed on every device
- Employees receive annual HIPAA training
- Employee login activity is recorded
- A contingency plan exists in case of disasters
- Business associate agreements are in place with vendors
- Physical security is sufficient
- Network and server equipment are stored in a locked, secure room
- Locations storing PHI are equipped with an alarm system that is set during non-business hours
- All incidents (security breaches) are logged
- Confidentiality agreements are in place with vendors who have access to rooms containing PHI
- A secure, encrypted VPN is available for employees working remotely
To learn more regarding Kansas City Managed IT's HIPAA compliant services, please visit this page.