Patient privacy continues to be one of the most talked about topics in the healthcare industry as technology continues to evolve. As the majority of patient information is transferred to electronic format, the healthcare IT industry realizes that it is exposed to certain risks. These risks include disasters that may cause physical damage to the servers and/or computers that store patient information. It is a best practice for an organization to evaluate its systems and then implement a secure backup, archiving, and recovery solution to comply with HIPAA standards. Covered Entities must ensure they have a well-defined contingency plan that keeps patient data available after a primary data loss.

In a nutshell, information security is about ensuring three attributes of information or data: confidentiality, integrity, and availability. The HIPAA Security Final Rule, the last of the three HIPAA rules, was published in the FebruFederal Register with an effective date of April 21, 2003. Most Covered Entities (CEs) had two full years – until Ap– to comply with these standards. Many CEs, including providers, are still not in compliance. As a result, the 2009 HITECH Act has increased penalties for non-compliance with the HIPAA rule. And the recent HIPAA Omnibus Final Rule has expanded the notification requirements and penalties that providers are liable for related to PHI (Personal Health Information) breaches, and expanded HIPAA coverage so that it also applies to Business Associates (BAs).

So here are some notable points you must consider and remember:

All Covered Entities (CEs), as well as medical practices and Business Associates, must comply with this and ensure that they securely back up “retrievable exact copies of electronic protected health information” (CFR 164.308(7)(ii)(A)).

The DATA you are securing and backing up must all be RECOVERABLE. You must be able to fully “restore any loss of data” (CFR 164.308(7)(ii)(B)).

STORE BACKUP COPIES OF ePHI OFF SITE, in a location different from the original data storage. This way, your data exists in two physical locations. If anything happens to the data at your office, you can quickly recover your data from its remote storage.

Ensure FREQUENT BACK UP of your data is done. This is required by the HIPAA Security Final Rule (CFR 164.308(a)(1)).

Regular backups are the first step in enhancing Disaster Recovery and Business Continuity (HIPAA Security Rule 164.308(a)(7)(i)).

The same set of security requirements that is applied under normal business operations must also be applied during EMERGENCY MODE.

HITECH says to ENCRYPT OR DESTROY DATA AT REST TO SECURE IT (Section 13402(h) of Title XIII HITECH Act).