Understanding the Impact of HIPAA and HITECH on Information Security for your Business

If you happen to be a healthcare provider or own a medical practice, then you’re no stranger to the ethical importance of maintaining confidentiality between you and your patients. However, beyond maintaining high moral principles, you also have a strict obligation to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. As your practice strives to reap the incentives for adopting electronic health record (EHR) technology, it’s important to review these acts in detail so that you are knowledgeable of their privacy and security requirements.

According to HIPAA requirements, all healthcare entities and their business associates must implement security measures to protect personal health information (PHI). There are two distinct rules within HIPAA that apply to your practice: the Security Rule and the Privacy Rule. While ultimately these rules are linked together, it’s still important to be able to distinguish between the two in order to maintain compliance.

The HIPAA Security Rule

The HIPAA Security Rule refers directly to the protection of electronic information. This is where the HITECH Act comes in. Being the later of the two pieces of legislation (enacted in 2009), the HITECH Act sets forth provisions for the meaningful use of EHR. It also requires healthcare entities and their business associates to report data breaches affecting more than 500 individuals, and it introduces stiffer civil and criminal penalties for data breach incidents. In short, the Security Rule covers electronic information residing in the following formats:

  • hard drives,
  • memory storage devices,
  • magnetic and optical media, and,
  • transmission media (internet, intranet, networks, etc.).

As a result, it’s important to have information security measures in place to prevent the loss or theft of electronic PHI. While the Security Rule does not mandate specific technology or tools for safeguarding PHI, a professional records and information management company can provide your organization with the following solutions:

  • hard-drive destruction,
  • offsite media vaulting, and
  • electronic vaulting.

The HIPAA Privacy Rule

Like the Security Rule, the HIPAA Privacy Rule applies to electronic information, but it also covers data in all other formats, including paper documents and files. With this in mind, it’s critical to have similar solutions in place for the protection and security of hard-copy records. Secure storage, controlled and documented access, and confidential destruction can also be provided by a professional records and information management company. When choosing a provider, you should consider a vendor that can provide solutions tailored to your electronic medical records (EMR) needs. Services may include a combination of:

  • clinical solutions,
  • practice-management solutions, and
  • patient-portal solutions.

Since 1981, Archives Management Center has been the leading provider of records and information management services for Palm Beach, Martin, St. Lucie, Indian River and Okeechobee county healthcare providers.

To find out more information about our EMR solutions, please contact us by phone or fill in the form on the page.