HIPAA Defining Technology Requirements

As of 1996, the Health Insurance Portability and Accountability Act, or HIPAA, has set the standards for handling and transmitting patient health information within the United States. Compliance with these standards requires health care organizations and practitioners to incorporate certain practices within their technology frameworks. HIPAA requirements focus on protection, privacy and tracking controls to ensure the confidentiality of patient information.

    Data Protection

    • Hospitals, health clinics and health-related facilities can gather and exchange patient information on a continual basis. In order to maintain patient confidentiality, HIPAA places special emphasis on an organization's ability to protect patient data, according to TechSoup, a technology reference site. To comply with this requirement, certain technology provisions must be in place within an organization's computer network and servers. Data protection measures include a system of medical billing that uses a standardized coding system for recording and transacting billing procedures between providers and payers. Preventing loss of patient data in the event of system failure or a fire requires organizations to have a reliable backup system in place as well. HIPAA also requires organizations to obtain ongoing, or updated, patient authorization forms, which give organizations the right to store and transmit patient data.

    Tracking Requirements

    • Under HIPAA, tracking requirements refer to how an organization monitors who accesses patient data. According to TechSoup, technology-based tracking includes the use of user access levels as well as unique usernames and passwords for everyone accessing the system. Tracking provisions also provide evidence of any changes made to a patient's record and reveal the original record prior to any changes. The use of access levels limits the amount of information a particular user has access to, in terms of a particular patient's record, as well as which patient records are accessible. As each organization is structured according to how it operates, the computer system can be customized according to user roles, access levels and privileges.
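
The tracking controls described above, sketched as an added example (not taken from TechSoup or from any HIPAA text): each unique username maps to an access level that limits which fields and which patient records are visible, and every read or change is logged along with the original record. The access level names, field names and the `RecordStore` class are assumptions made for illustration.

```python
import copy
from datetime import datetime, timezone

# Constructed access levels: which record fields each level may read or change.
ACCESS_LEVELS = {
    "billing":   {"read": {"name", "billing_code"}, "write": {"billing_code"}},
    "clinician": {"read": {"name", "billing_code", "diagnosis"},
                  "write": {"diagnosis"}},
}

class RecordStore:
    def __init__(self, records, users):
        self.records = records  # patient_id -> dict of fields
        self.users = users      # username -> {"level": str, "patients": set}
        self.audit = []         # append-only list of access events

    def _log(self, username, patient_id, action, allowed, **detail):
        # Denied attempts are logged too, so the trail shows who tried what.
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "user": username, "patient": patient_id,
                           "action": action, "allowed": allowed, **detail})

    def _level(self, username, patient_id):
        # Unknown usernames and unassigned patients both yield no access.
        user = self.users.get(username)
        if user is None or patient_id not in user["patients"]:
            return None
        return ACCESS_LEVELS[user["level"]]

    def read(self, username, patient_id):
        level = self._level(username, patient_id)
        if level is None:
            self._log(username, patient_id, "read", False)
            raise PermissionError("no access to this patient record")
        self._log(username, patient_id, "read", True)
        record = self.records[patient_id]
        # Return only the fields this access level is allowed to see.
        return {k: v for k, v in record.items() if k in level["read"]}

    def update(self, username, patient_id, field, value):
        level = self._level(username, patient_id)
        if level is None or field not in level["write"]:
            self._log(username, patient_id, "update", False, field=field)
            raise PermissionError("change not permitted at this access level")
        # Keep a copy of the record as it was before the change.
        original = copy.deepcopy(self.records[patient_id])
        self.records[patient_id][field] = value
        self._log(username, patient_id, "update", True, field=field,
                  original=original, new_value=value)
```

Because each update entry holds the prior record, the audit log itself contains patient data and needs the same access restrictions as the records.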

    Security Requirements

    • As any computer system can fall subject to unauthorized users without a reliable security wall in place, HIPAA-defined technology requirements address the need for an organization to have a secure firewall to protect system data. The use of unique usernames and passwords by authorized personnel also falls within this requirement by preventing unauthorized system use of patient files and by protecting information that is shared through an organization's e-mail server. In the event of a security breach, data encryption technology provides another layer of protection for patient health information stored in the system, as well as any information transmitted through an organization's network e-mail server.
