HITECH Act: IT Policies & Procedures
The healthcare IT component of the ARRA (American Relief and Recovery Act) is commonly referred to as the HITECH (Health Information Technology for Economic and Clinical Health) Act. The HITECH Act covers a wide range of healthcare IT initiatives.
The electronic security measures mandated in HITECH are similar to any business that needs to protect confidential information. Electronic Protected Health Information (EPHI) must be unreadable to unauthorized persons for EPHI to be considered secured.
Encryption of data is important
The new HIPAA regulations require that all servers, flash drives, workstations, laptops and other devices that store data should utilize data encryption technology. This will ensure there is no chance of unsecured EPHI.
Encryption of network transmissions
The transmission of EPHI over the internet should be encrypted. The most common secure technologies used are Secure Sockets Layer (SSL), IPSecurity (IPSec) and Transport Layer Security (TLS).
Utilize encryption on wireless access points
In medical offices they use laptops and tablets that will communicate through wireless access points. Make sure that all your WAPS use encryption techniques and assign a security key to access your network.
Encrypt your copiers
Digital copiers have built-in hard drives. If you dispose of a copier by selling it, the data on the hard drive may be unencrypted. If so, it is unprotected and can be accessed by others.
Maximize the use of patient portals
In a patient portal, standard email is used between the parties to inform that a message is available to be viewed on the portal. The party that receives the message logs into the portal to receive and reply to the message. In this way, the EPHI is restricted within the portal website, and the encrypted information is secure.
Secure remote access
Companies provide teleworkers remote access that includes virtual private networks, remote system control, and individual application access. They should use antivirus for protection of data.
Any local network that is connected to the Internet should use firewall to avoid unauthorized access.
A proper backup plan is required
Although not new to HIPAA under HITECH, the HIPAA security rule does require all EPHI to have a backup/disaster recovery plan.
A medical billing company can help you maintain the standard, security and privacy of your outsourced work at an affordable budget.