Practical steps to compliance with HIPAA Computer Policy

That the HIPAA has a clear and stringent policy on computers is absolutely understandable, because computers constitute the very soul of HIPAA. Ensuring security of patient data is one of the core causes for which HIPAA was enacted; so, it is only natural that Computer Policy should be at the center of HIPAA compliance.

A HIPAA Computer Policy rule came into effect in 2005. The nub of this enactment is to ensure that there are technical, physical and administrative security procedures that must be adhered with. These are meant for Covered Entities to ensure that the data they have of patients, namely electronic Protected Health Information (PHI) is safe and secure.


Understand the reason for HIPAA Computer Policy

Any implementation has to start with an understanding of the rationale for the action, right? The same goes for something as important and big as implementation of HIPAA compliance into systems. HIPAA Computer Policy is in place for a specific and critical reason ���protection of patient data, loss of which can lead to hefty penalties that can affect the business very adversely. So, installing the necessary protections is the first step to protecting vital data and with it, one's own business or practice, as well.

Implement a sound access policy

A strong access policy is at the heart of HIPAA Computer Policy. It is in the computer systems that all the data relating to the patient are stored. So, making sure who in the organization has access to these and how and when, is very important. Not only should access be restricted to only designated and permitted personnel in the organization; there should be a system by which tracking of access is easily determined. This is to find out who accessed which record, when, what action followed, what happened as a result of this access, and so on.

Keep a record of all system components

This is another step to ensuring compliance with HIPAA Computer Policy. Storage devices can be very utilitarian in being compact and yet highly capable of storing massive amounts of data. While it can serve a purpose very well, it can also make the system vulnerable to attacks. All that is needed is for some crook to copy humungous volumes of data into a small external device and slip away with it. So, it is necessary to keep a record, a journal if you like, of all the devices stored in the premises. These can relate to the software, the hardware and the network. In addition, care should also be taken to ensure that data relating to patients in each of these components is tracked at the point of each access or operation.

Disaster recovery

Disasters can happen without warning. Or else, they wouldn't be called by this name, after all. Any healthcare organization or practice has to make sure that HIPAA Computer Policy is best served by having a sound and secure disaster recovery plan in place. Backup of every data and every operation in a remote host server is a first step to putting a disaster recovery plan, an integral part of HIPAA Computer Policy, in place.