Question

Your organization deals with sensitive patient health insurance information that is covered by the HIPAA compliance policies. What security techniques should be implemented to help protect the privacy of your patient's health insurance data when communicating the data between healthcare facilities? Why?

Answer 1

Solution:

HIPAA present standards governing information security and privacy of patient information. HIPAA has an advanced and necessary element for the security of healthcare information but they have some challenges also like high costs, tracking regulatory changes, extensive documentation etc.

The challenge of protecting privacy and security of health information always not so easy. Many people have access to a person’s health data like doctors, nurses, technicians, office workers and administrative staff, as well as the third party personnel, are also involved in healthcare such as health plans, medical supply companies, billing and coding companies, pharmacies and industry researchers. The purpose of HIPAA’s is to create a set of uniform electronic healthcare transaction codes. Privacy is a major concern with the changes considered in HIPAA. HIPAA allowed many uses and disclosures of information without patient consent.

The best practices to use to ensure the privacy and security of protected personal health information (PHI) are categories in three parts that are administrative, physical and technical safeguards.

Administrative Safeguards: Administrative safeguards refer to the policies and procedures that exist in your practice to protect the security, privacy, and confidentiality of your patients’ PHI it includes-

• Identifying relevant information systems
• Conducting a risk assessment
• Implementing a risk management program
• Acquiring IT systems and services
• Creating and deploying policies and procedures
• Developing and implementing a sanctions policy

Physical Safeguards: Physical safeguards for PHI refer to measures to protect the hardware and the facilities that store PHI. Physical threats affect the security of health information it includes-

• Facility access controls: Limitations for physical access to the
• Workstation use: Specifications for the appropriate use of workstations
• Workstation security: Restrictions on access to workstations with PHI.
• Device and media controls: Receipt and removal of hardware and electronic media that contain PHI into and out of the facility

Technical Safeguards: Technical safeguards are safeguards that are built into the system to protect health information and to control access to it. It includes

• Access control: Allowing only access to persons or software programs that have appropriate access rights to data
• Audit controls: Recording and examining activity in systems that contain or use PHI.
• Integrity: Protecting PHI from improper alteration or destruction
• Person or entity authentication: Verifying the person or entity seeking access to PHI
• Transmission security: Guarding against unauthorized access to PHI

I hope this helps if you find any problem. Please comment below. Don't forget to give a thumbs up if you liked it. :)