5 Main Principles of HIPAA Security Rule
The Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) governs how electronic protected health information (ePHI), including electronic health records (EHRs), must be safeguarded. Any organization that creates, receives, stores or transmits electronic patient health information is therefore subject to the rule, and failure to comply exposes it to heavy sanctions and fines. The rule itself runs to many pages, but it can be summarized in five main principles that benefit every organization that follows HIPAA security standards.
The five principles are listed below.
– Role-based security: Every user should be granted access according to their job function, and no more than that function requires. Many hospitals and other organizations have no effective control over who accesses which patient information, and when. Putting such control in place is essential; administrators who know this but do not act on it weaken their security.
– Data back-up: It seems obvious that you would keep a back-up of all your data, yet many medical organizations overlook it. Systems should automatically create a back-up on external media at regular intervals. The interval should reflect how often the data changes and how much has accumulated since the previous back-up. Back-up media or tapes must be stored in a safe, secure location, special care must be taken when transporting them, and restores should be tested periodically, since a back-up that cannot be restored offers no protection.
– Strong user names and passwords: People in healthcare organizations, as elsewhere, often choose “easy” passwords so they can remember them, and such passwords are easily guessed or cracked. Because jobs are often shared by several people, and to avoid extra costs, many hospitals use shared user names such as “Billing” or “Nurse Station”. Shared accounts must be avoided, especially when combined with easily guessed passwords, because they make it impossible to attribute an action to an individual. As a minimum, passwords should contain at least six characters with a mix of letters, numbers and symbols; note that the Security Rule itself does not prescribe a password length, and longer passwords resist guessing far better.
– Software patch management and protection against malicious software: Many medical organizations fail to keep their software patched and lack protection against malware. A patch-management process that applies security updates promptly gives the best available protection, and because new software threats appear constantly, this part of the Security Rule is essential.
– Physical security: Data storage and servers are not always adequately secured; they are sometimes found in common areas such as a lounge or kitchen. Core systems must be kept in secure rooms under lock and key, with access restricted to those who have a valid need. The area should be clean, with adequate free space, and equipment should be kept away from dust.
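As an added illustration of the first and third principles (this is example code written for this page, not code from the original article, and not anything HIPAA prescribes), the following Python sketch shows how a system can enforce role-based access to patient records, refuse generic shared accounts so that every access is attributable to one person, and log each decision so that “who accessed what, and when” can be answered later. The role names, permission names, user names and the list of shared account names are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Role-to-permission map. The roles and permissions are assumptions made up
# for this example; a real system would derive them from job functions.
ROLE_PERMISSIONS = {
    "physician": {"read_record", "write_record", "read_billing"},
    "nurse": {"read_record", "write_vitals"},
    "billing": {"read_billing"},
}

# Generic account names that several staff share (constructed list). Such
# accounts defeat individual accountability, so requests using them are refused.
SHARED_ACCOUNT_NAMES = {"billing", "nurse", "nurse station", "admin"}


@dataclass
class AccessLog:
    """Append-only record of every access decision, allowed or denied."""
    entries: list = field(default_factory=list)

    def record(self, user, role, action, patient_id, allowed, reason):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "role": role,
            "action": action,
            "patient": patient_id,
            "allowed": allowed,
            "reason": reason,
        })

    def accesses_to(self, patient_id):
        """Answer 'who successfully accessed this patient's data, and when?'."""
        return [e for e in self.entries
                if e["patient"] == patient_id and e["allowed"]]


def is_shared_account(username):
    """True if the user name is a generic shared account rather than a person."""
    return username.strip().lower() in SHARED_ACCOUNT_NAMES


def authorize(user, role, action, patient_id, log):
    """Decide whether `user`, acting in `role`, may perform `action` on the
    record of `patient_id`. Every decision is logged, including denials."""
    if is_shared_account(user):
        log.record(user, role, action, patient_id, False, "shared account")
        return False
    if action not in ROLE_PERMISSIONS.get(role, set()):
        log.record(user, role, action, patient_id, False, "role lacks permission")
        return False
    log.record(user, role, action, patient_id, True, "ok")
    return True


if __name__ == "__main__":
    log = AccessLog()
    # Constructed sample requests: a nurse reading and then trying to write a
    # record, and a request made from a shared "Nurse Station" account.
    print(authorize("jsmith", "nurse", "read_record", "P001", log))         # True
    print(authorize("jsmith", "nurse", "write_record", "P001", log))        # False
    print(authorize("Nurse Station", "nurse", "read_record", "P001", log))  # False
    for entry in log.entries:
        print(entry)
```

Denials are logged as well as successes, because a pattern of refused attempts against one patient’s record is itself something an administrator needs to be able to see.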
The HIPAA Security Rule codifies security best practices, and all medical organizations benefit from complying with its standards. The rule is technology-neutral, so it also leaves you the freedom and flexibility to use any type of software. Overall, it creates good business practice.
For more information, please visit our HIPAA security rule website: http://www.hipaaprivacyrule.com
Category: Advice
Keywords: HIPAA, Health Insurance, health information, medical data, HIPAA security rule