Health care privacy and technology section - specifically about backup or disaster recovery
Despite the fact that the Health Insurance Portability and Accountability Act (HIPAA) has been on the books for over ten years, most smaller medical practices do not have a firm understanding of how their record-keeping computer systems should be backed up.
HIPAA Requirements and Regulations
Title II of HIPAA, the Administrative Simplification (AS) provisions, outlines rules and requirements on privacy and security management of health care information. In Title II, the Department of Health and Human Services (HHS) outlines regulations for the use and dissemination of personal health care information.
These rules apply to covered entities, including health plans; health care clearinghouses, such as medical billing services and community health information systems; and health care providers that transfer health care information in a way that is regulated by HIPAA.
The Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information about health status, provision of health care, or payment for health care that can be linked to a person. This includes any part of a patient's medical record or payment history.
The Security Rule deals specifically with Electronic Protected Health Information (EPHI) and requires Administrative Safeguards: policies and procedures designed to clearly show how the entity will comply with the act.
Covered entities that out-source parts of their business processes to a certified third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements. Companies typically gain this assurance through stipulations in the contracts stating that the vendor will meet the same data protection requirements that apply to the covered entity. Care must be taken to determine if the vendor further out-sources any data handling functions to other vendors and monitor whether appropriate contracts and controls are in place.
A contingency plan should be in place for responding to emergencies. Covered entities are responsible for backing up their data and having disaster recovery procedures. The plan should document data priority and failure analysis, testing activities, and change control procedures.
Internal audits play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. Audits should be both routine and event-based.
In order to have an online backup that is HIPAA compliant, you need to meet all the requirements of the Final HIPAA Security Rule dated February 2003 and required after April 21, 2005. You must ensure that a backup provider exceeds the standards set in the Security Rule by encrypting all data before it is sent over a secure SSL connection to the remote backup service. An effective solution is to have the encryption key generated by the customer and known only to the customer, and to ensure that the key is not transmitted to the HIPAA compliant online backup server.
A HIPAA off-site backup provider should encrypt the data on the server with military-class encryption, so that it is not accessible to the backup provider or its employees. Ensure that the local backup client encrypts all data prior to transmission to the remote systems. Data can only be recovered by transmitting it back to the local client, which decrypts the data using the encryption key.
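The client-side encryption described in the two paragraphs above, as an added example that is not part of the original article or of any backup vendor's software: the archive is encrypted locally with a customer-generated key, only the ciphertext file would be sent to the provider, and a restore is accepted only if the decrypted data matches a digest kept locally. It assumes the OpenSSL 1.1.1+ command line; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article. Assumes the OpenSSL 1.1.1+ CLI.
# Function names and file paths are hypothetical.

# Create a random 256-bit key readable only by its owner. It stays at the practice.
make_key() {                      # $1 = key file
    ( umask 077 && openssl rand -hex 32 > "$1" )
}

# Encrypt archive $2 into $3 with the key in file $1 (read via file:, so the
# key never appears on a command line). A SHA-256 of the plaintext is written
# to $2.sha256 and kept locally for the restore check.
encrypt_backup() {                # $1 = key file, $2 = archive, $3 = ciphertext
    openssl dgst -sha256 -r "$2" | cut -d' ' -f1 > "$2.sha256" || return 1
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$1" -in "$2" -out "$3"
}

# Decrypt $2 into $3 and compare against the locally kept digest in $4.
# "openssl enc" does not authenticate ciphertext, so the digest comparison is
# what detects a wrong key or a modified backup.
restore_backup() {                # $1 = key file, $2 = ciphertext, $3 = output, $4 = digest file
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1" -in "$2" -out "$3" 2>/dev/null || return 1
    [ "$(openssl dgst -sha256 -r "$3" | cut -d' ' -f1)" = "$(cat "$4")" ]
}

# Round trip on a constructed sample record (not real patient data).
roundtrip_demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample record: patient 0000, visit note\n' > "$d/records.tar"
    make_key "$d/practice.key" && make_key "$d/other.key" &&
    encrypt_backup "$d/practice.key" "$d/records.tar" "$d/records.enc" &&
    ! grep -a -q 'constructed sample' "$d/records.enc" &&
    restore_backup "$d/practice.key" "$d/records.enc" "$d/out" "$d/records.tar.sha256" &&
    ! restore_backup "$d/other.key" "$d/records.enc" "$d/bad" "$d/records.tar.sha256"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

roundtrip_demo && echo "restore verified; wrong key rejected"
```

Only the ciphertext file is meant to leave the machine; the key file and the `.sha256` digest stay with the customer, and losing the key makes the backup unrecoverable.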
At this time there is no 'HIPAA Compliance' certification for backup software, and it is important to understand that, because no regulation specifically addresses backup and privacy software, no service is truly 'HIPAA Compliant'.
A full version that explains HIPAA Backup in more detail can be found online.
Article Source: Messaggiamo.Com