HIPAA compliance was this month’s topic at the Eastern Oklahoma Medical Group Management Association (EOMGMA) meeting, with presenter Jennifer Bates of
ECFS Billing. HIPAA (the Health Insurance Portability and Accountability Act of 1996) is the U.S. legislation that sets data privacy and security requirements
for safeguarding medical information; organizations that fail to meet them risk steep fines or worse. Our first encounter with HIPAA regulations is likely as patients, by way of the
Protected Health Information (PHI) release authorization form that medical providers require, but the thread of data security goes much, much deeper.
We live in a world of smartphones, laptops, and tablets that let us carry and access company data from a variety of locations and Wi-Fi networks.
Company data is no longer restricted to in-office use. As I listened to the precautions outlined in the security risk analysis that every health
care provider must conduct in order to ensure HIPAA compliance, I reflected on the fact that ALL businesses should adhere to many of the same restrictions
in order to protect their company and employee information.
- If, through lack of security controls, a malicious criminal accesses your system and takes it hostage, you may have no data available to conduct business.
- If, through lack of training and education, your staff do not keep corporate or client information secure, your employees’ and/or customers’ privacy
could be compromised.
- If, through lack of data or application controls, the accuracy of your data is compromised and it loses integrity, the quality of your business’s work
product could be impacted. [HealthIT.gov]
These three system/data goals, availability, confidentiality, and integrity, are the reasons why
appropriately securing the data for which you are responsible is mandatory in today’s technological environment. To address these three important goals,
businesses must build effective policies, procedures, staff education, and security controls that enable the use of technology without compromising security.