How to comply with the HIPAA security rule
The HIPAA security rule requires healthcare professionals and healthcare facilities to secure patient information that is stored or transferred digitally from data breaches, erasure, and other problems.
The law’s requirements may seem overwhelming, but it’s crucial that you and all of your employees remain in compliance.
The three components of HIPAA security rule compliance
Keeping patient data safe requires healthcare organizations to exercise best practices in three areas: administrative, physical security, and technical security.
Administrative requirements
These rules ensure that patient data is correct and accessible to authorized parties.
Formalize your privacy procedures in a written document.
- Designate an executive to oversee data security and HIPAA compliance.
- Identify which employees have access to patient data.
- Train employees on your organization’s privacy policy and how it applies to their job.
- Require all outside parties who need to access protected patient data to sign contracts stating that they will comply with HIPAA security rules.
- Back up data and have an emergency plan for disasters that could cause information loss.
- Perform an annual data security assessment.
- Create a data breach response plan that addresses notifying affected patients and fixing compromised IT systems.
Physical security requirements
These HIPAA rules help your organization prevent physical theft and loss of devices that contain patient information.
- Limit access to computers by keeping them behind counters, secured to desks, and away from the general public.
- Restrict access to secure areas, monitor building safety, and require visitors to sign in.
- Exercise caution and follow best practices when upgrading or disposing of hardware and software, including securely wiping hard drives.
- Train employees and contractors on physical safety best practices, including the importance of securing their cell phones and mobile devices.
Technical security requirements
These measures protect your networks and devices from data breaches.
- Encrypt sensitive files that your organization sends via email and ensure that any cloud-based platform you use offers encryption.
- Protect your network from hackers and other cyberthieves with firewalls and intrusion detection and prevention systems.
- Train your employees to identify and avoid phishing scams.
- Back up data in case of accidental deletion or changes.
- Authenticate data transfers to third parties by requiring a password, a two- or three-way handshake, a token, or a callback.
- Require that employees periodically change their passwords, and ensure passwords contain a mix of letters, numbers, and special characters.
- Prevent data entry mistakes by using double-keying, checksum, and other redundancy techniques.
- Keep updated documentation of your organization’s technology and network configurations.
Your organization may need to hire specialized consultants and contractors to help meet HIPAA security rule standards. Maintaining compliance requires monitoring changes in the law and upgrading outdated technologies.
Protect patient data with cyber liability insurance
Complying with the HIPAA security rule requires time, money, and the participation of all workers, but your organization’s plan should also include cyber liability insurance.
A cyber liability policy protects you in the event of a data breach and will pay for the costs of notifying affected patients and providing them with credit and fraud monitoring services. Cyber liability insurance also covers legal and court costs if patients sue your organization for exposing their personal information.
Compare healthcare insurance quotes online with Insureon
Protect yourself by completing Insureon’s easy online application today to compare healthcare business insurance quotes from top-rated U.S. carriers. Once you find the right policies for your business needs, you can begin coverage in less than 24 hours.
Desiree DeNunzio, Contributing Writer
Desiree is a writer and editor with a passion for bringing relevant content to readers. She's edited and written content for online and print publications such as Wired magazine, PCWorld, CNET News, and more.