420 Bannister Rd Ste 400 Kansas City, MO 64131
(816) 381-9969

Compliance Management

HIPAA Compliance For Your Business

Medical practices are tasked with the responsibility of protecting patient privacy and information. To properly do this, they must be HIPAA compliant. HIPAA sets the standard for this compliance by defining requirements companies must follow. Some of the requirements include:

  • Encryption
  • Policies and Procedures
  • Network Security
  • Physical Access to Data

Our IT specialists can help put together a comprehensive plan that will walk medical practices through becoming compliant. This would include creation of policies and procedures, identify gaps in your current technical environment, annual reassessments to ensure you are remaining compliant, portal to hold all HIPAA regulation information.

Looking For Help? Give Us A Call!

We provide complimentary consultations if you are looking for a path forward to better manage your IT.

Kansas City Managed IT can also provide onsite tools required to enforce compliancy. Throughout the process, our experts assist in developing a plan for your company demonstrating good faith efforts to become compliant. Lastly, a HIPAA Seal of Compliance Verification is provided. This is the industry standard of medical practices to demonstrate compliance. There is no officially regulated HIPAA compliancy.

Medical practices are tasked with the responsibility of protecting patient privacy and information. To properly do this, they must be HIPAA compliant. HIPAA sets the standard for this compliance by defining requirements companies must follow. Some of the requirements include: Encryption, policies and procedures, network security and physical access to data.

Lack of compliance or showing of good faith efforts could lead to significant fines.

Cyber Security Managed IT ServicesEncryption

Ensuring data is encrypted whenever possible, this would include- data at rest on laptops, servers, backup devices, and anywhere else data may be stored.

  • Desktops - ensure BitLocker is on and data is being encrypted
  • Servers - ensure BitLocker is on and data is being encrypted
  • Backup Solutions - ensure that both onsite and offsite data is encrypted
  • Applications - ensure all communication is run across secure/encrypted connections

Policies and Procedures

Policies and procedures must be created and used to identify who is responsible for certain aspects of HIPAA compliance.

  • Policies identify how the company deals with various aspects required by HIPAA.
    • Example: Policy for access to ePHI data.
  • Procedures are how those policies are enforced.
    • Example: Procedure for securing ePHI data. This would include securing the data, limiting access to the data, safeguards to ensure data is secure.

Another examples of policy and procedures would be policy for termination of employees and the procedures which enforce the policy so terminated employees’ access is quickly removed.

Network Security

Network Security includes monitoring and logging, creating group policy, restricting access to EPHI data by implementing security permission.

  • Monitoring and Logging: logging of users trying to authenticate against computer systems and alerts which trigger whenever there is failed attempts or a high rate of unsuccessful logins.
  • Group Policy: can be used when Active Directory is implemented to restrict what can be installed on a computer, screensaver settings, user access, and limit devices that can be plugged into the computer.
  • Restricting Access: can be accomplished by setting up network shares and applying permissions to them based on least privilege access (meaning you have access only to what you need to accomplish your job).

What is Bitlocker?

You may have heard the term "Bitlocker" in reference to HIPAA Compliance. Bitlocker is part of the Microsoft operating system which can encrypt the data on a computer. It works with a technology called Trusted Platform Module, or TPM, which is built into the bios of computers to ensure that no other device can access the data without a password or key.

Bitlocker is a cheap and easy way to ensure desktop or laptop data is protected from theft, while also meeting HIPAA requirements when it comes to securing data. Although it doesn’t come initially activated, bitlocker can be activated at any time for no cost.  You can also use it in combination with Active Directory Group Policy to require all drives have bitlocker enabled before data is written to them.

Physical Access to Data

  • Involves making sure files are in a secured locked place where users can’t see them, desktop screens cannot be seen by unauthorized individuals, and tracking of who is coming on and off the premises
  • Desktops need to be locked if user isn’t at their desk
  • Access to printed files or paper versions of PHI must be kept locked up
  • Sign in sheet to identify all visitors
  • Screen shading so visitors can see screen information

Kansas City Managed IT can also provide the onsite tools needed to enforce compliancy. As you are going through the process, we can help provide the tools needed to develop a plan showing that you are showing good faith in efforts to become compliant. Lastly, we help get a HIPAA Seal of Compliance Verification. This is the industry standard of medical practices to demonstrate compliance. There is no officially regulated HIPAA compliancy.

Lack of compliance or showing of good faith efforts could lead to significant fines. 

HIPAA (Health Insurance Portability and Accountability Act of 1996)- An Act to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes