
HIPAA Compliance Guidelines

There are pages upon pages of information on how to be HIPAA compliant. Reading through all of it can be time consuming and at times very confusing. Here is a basic breakdown of what needs to be set up in order to meet the basic HIPAA requirements for your IT operations and network structure.

1: Every computer on your network has to have a password. The password should be of medium complexity, e.g. smith!23. Without a password, any staff member or client can access your computer.

2: The PM (practice management) software has to have a username and password that is unique to each staff member. In addition, each staff member needs to log in with their own credentials when using a computer and log out when they are done.

3: Any computer monitor in the office has to be placed so that other patients cannot see the information on that monitor.

4: Each computer needs to have up-to-date antivirus/anti-malware software, with nightly scans and definition updates run. Paid, subscription-based software is going to offer you the best protection.

5: You need to have a firewall router that provides content security and AV protection. Most yearly-subscription routers such as Sonicwall or WatchDog provide this within the router's interface. If you are using wireless, your router needs to be able to assign a separate IP scheme outside the range of your working LAN. So if your LAN is on 192.168.1.1, your WLAN (wireless) needs to be on 10.0.0.1.
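
The separate-address-range rule from item 5 can be checked before the router is configured. The script below is an added example, not part of the original article or any vendor's tooling: it assumes /24 masks for the two router addresses the article gives (the article states only the addresses) and flags any segment that is not a private range or that overlaps another segment.

```python
import ipaddress

# Constructed address plan following the article's item 5: wired LAN on
# 192.168.1.x, wireless on 10.0.0.x. The /24 masks are an assumption.
SEGMENTS = {
    "LAN": "192.168.1.1/24",
    "WLAN": "10.0.0.1/24",
}


def check_segmentation(segments):
    """Return a list of findings for a LAN/WLAN address plan.

    Each value is "router-address/prefix". An empty list means every
    segment is a private (RFC 1918) range and no two segments overlap.
    """
    findings = []
    nets = {}
    for name, cidr in segments.items():
        # strict=False lets us pass the router's host address, not the network
        net = ipaddress.ip_network(cidr, strict=False)
        if not net.is_private:
            findings.append(f"{name} {net} is not a private (RFC 1918) range")
        nets[name] = net
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return findings


if __name__ == "__main__":
    for line in check_segmentation(SEGMENTS) or ["OK: segments are separate"]:
        print(line)
```

Run it against the plan you intend to load into the router; any finding means the wireless clients would share an address range with the LAN or sit on a non-private range.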

6: Backup: if you are running an onsite backup to a removable device that is not encrypted or locked in a safe, you will need to do so. If you are using offsite or cloud storage and your data is going to a public data center, then you are violating HIPAA compliance. The data you back up has to be secured from theft or hackers. Even if your backup is going offsite, that offsite company has to provide a HIPAA compliance sheet.

7: For every service tech that you bring into your office, a Business Associate Contract should be filled out and kept onsite.

8: EMAIL!! – Yes, we are all using e-mail almost minute by minute these days. However, sending patient information from your office to another office requires you to encrypt that email to protect the patient's personal information. There are a few companies out there that offer a service that will provide this encryption for you; Rpost.com is one of those services. On top of that, we recommend that you do not use Gmail, sbcglobal, Yahoo, AOL or any free email service for your business email. Instead, we recommend using a secure e-mail server that can be provided by your web host or website provider. Your website domain can be parked alongside your e-mail within the same company, making things a bit easier to manage.

9: Create a book for your office that outlines all the information above. Call it the HIPAA rule book, or something similar that you can direct a HIPAA audit agent to in case there is an audit.

For now these are the basics, and we will add more if needed. If you have any further questions about your healthcare IT business or medical enterprise, please feel free to call us.