Is Your Healthcare Facility HIPAA Compliant for 2010?
Any organization that transmits Protected Health Information (PHI) in electronic format, including health plan providers, health-care clearinghouses and health-care providers, must maintain HIPAA regulatory compliance.
Besides all the other regulatory hoops to ensure HIPAA compliance, do you know how to keep your IT computer assets in compliance with respect to data retention, encryption and destruction? Here are some things you must do in order to meet Federal HIPAA laws and mandates:
- Storing data on NIST-certified AES hardware-encrypted hard drives
- Shredding all documents using an NSA/DoD-approved High-Security shredder
- Degaussing of spent hard drives and tape cartridges to erase all patient data
- Destruction of hard drives using a Destroyer unit that bends, breaks and mangles
About HIPAA Compliance
HIPAA (the Health Insurance Portability and Accountability Act) was enacted by Congress way back in 1996, although there are continuing change provisions to be aware of to stay in compliance. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. This is intended to help people keep their health-care information private, though in practice it is normal for providers and health insurance plans to require the waiver of HIPAA rights as a condition of service.
The HITECH Act (Health Information Technology for Economic and Clinical Health Act), enacted as part of the American Recovery and Reinvestment Act of 2009, imposes notification requirements on covered entities, business associates, vendors of personal health records (PHR) and related entities in the event of certain security breaches relating to protected health information (PHI).