HIPAA Technical Requirements
As technology continuously advances, the need to safeguard patient information becomes more important. Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) delineates procedures for accessing, handling and electronically storing a patient's private medical information. The technical safeguards of this act include access control, audit controls, integrity controls and transmission security.
Access Control
HIPAA defines electronic access controls that give authorized users access to a patient's private medical information. Four implementation specifications associated with access control under HIPAA detail these procedures.
A unique user identification must be assigned to each user accessing patient information. This provides two functions: user accountability and visibility of functions performed when accessing the system.
Emergency access procedures document the instructions for obtaining access to electronic patient information during emergencies. Employers must determine in advance what types of situations require an employee to access a patient information system in the event of an emergency.
Automatic log-off prevents unauthorized users from accessing sensitive patient information. Efficient patient information systems automatically log users off after a predetermined period of inactivity. Another option is a system that activates a password-protected screen saver after a specific amount of system inactivity.
Systems that include encryption and decryption methods convert the originally typed text into encoded text that is unreadable on the screen. Only the authorized receiving party with the key to decode the information can access it.
Audit Controls
Audit controls must be put in place to record and examine information system activity and to produce audit reports on it. These records are useful when attempting to determine whether a security violation has occurred.
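The following Python example is added here for illustration and is not part of the original article or of any HIPAA text. It ties together the unique user identification, automatic log-off and audit control passages above: each session is bound to one user ID, idle sessions are dropped, and every access attempt is recorded. The class name, the 900-second idle limit and the user and record IDs are assumptions made for the example.

```python
import secrets
import time

class SessionManager:
    """Sessions bound to a unique user ID, idle log-off, and an audit trail."""
    def __init__(self, idle_limit_s=900, clock=time.time):
        self.idle_limit_s = idle_limit_s  # assumed policy value, set by the organization
        self.clock = clock                # injectable so time can be controlled in tests
        self.sessions = {}                # token -> {"user_id", "last_seen"}
        self.audit_log = []               # append-only list of event dicts

    def _audit(self, user_id, event, record_id=None):
        self.audit_log.append({"ts": self.clock(), "user_id": user_id,
                               "event": event, "record_id": record_id})

    def login(self, user_id):
        token = secrets.token_urlsafe(32)  # unguessable session token
        self.sessions[token] = {"user_id": user_id, "last_seen": self.clock()}
        self._audit(user_id, "login")
        return token

    def access_record(self, token, record_id):
        """Return True if access is allowed; every attempt is audited."""
        session = self.sessions.get(token)
        if session is None:
            self._audit(None, "denied_no_session", record_id)
            return False
        if self.clock() - session["last_seen"] > self.idle_limit_s:
            del self.sessions[token]       # automatic log-off after inactivity
            self._audit(session["user_id"], "auto_logoff", record_id)
            return False
        session["last_seen"] = self.clock()
        self._audit(session["user_id"], "read", record_id)
        return True

    def activity_for(self, user_id):
        """Examine the trail: all events attributed to one user ID."""
        return [e for e in self.audit_log if e["user_id"] == user_id]

def demo():
    now = [0.0]                            # constructed clock, advanced by hand
    mgr = SessionManager(idle_limit_s=900, clock=lambda: now[0])
    token = mgr.login("nurse-0142")        # constructed user ID
    first = mgr.access_record(token, "patient-7")
    now[0] += 901                          # idle just past the limit
    second = mgr.access_record(token, "patient-7")
    return first, second, [e["event"] for e in mgr.activity_for("nurse-0142")]

if __name__ == "__main__":
    print(demo())
```
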
Integrity Controls
The goal of HIPAA is to protect the integrity of electronic patient information. Data that is altered or improperly destroyed results in patient safety issues. Data integrity is often compromised by human error or by electronic media errors and failures. HIPAA security standards were enacted to ensure that policies and procedures protect electronic patient information from being compromised, regardless of the source of the compromise.
Transmission Security
Electronic patient information transmitted via email, the Internet or a company's intranet must be safeguarded and kept private under HIPAA requirements. Data encryption and access controls ensure the safe transmission of patient information.