HIPAA Best Practices

Posted by Sally Bogus on 27 October 2011

HIPAA is an acronym that most clinicians are familiar with, but there is another term that every clinician should familiarize themselves with as they consider taking patient data into the digital age: HITECH. The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA), was signed into law on February 17, 2009, to encourage the adoption and meaningful use of health information technology. An Electronic Medical Record (EMR) is the most common form of health information technology implemented by behavioral health care providers. When considering adopting an EMR, it’s very important to consider the security of your data. Below are a few tips for maintaining the security of your patient data when using an EMR, so that you comply with the enhanced security recommendations set forth in the HITECH Act.

User Authentication

  • Access to electronic protected health information (ePHI) must require individual user identification and password authentication (no shared logins).
  • Make sure any system used to store ePHI has an automated lock-out after several failed login attempts.

Minimum Necessary

  • This is a common term when discussing HIPAA security precautions. Simply stated, consider who in your office needs patient data to complete their jobs and what data they need. Limit each person's access to patient data to what is needed to complete their individual job responsibilities.
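As an added example (not code from the original post), the two points above in working form: each user authenticates individually, the account locks itself after a set number of failed attempts, and a lookup returns only the record fields that user's role needs. The record, roles and field sets are constructed for illustration; the lock-out threshold is a hypothetical value you would set per your own policy.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample ePHI record (hypothetical fields, not from the post).
RECORD = {
    "patient_id": "P-001",
    "name": "Jane Example",
    "appointment": "2011-11-02 09:00",
    "diagnosis": "F41.1",
    "clinical_notes": "Session notes ...",
    "billing_code": "90834",
}

# Minimum necessary: each role sees only the fields its job requires (hypothetical policy).
ROLE_FIELDS = {
    "clinician": {"patient_id", "name", "appointment", "diagnosis", "clinical_notes"},
    "front_desk": {"patient_id", "name", "appointment"},
    "billing": {"patient_id", "name", "diagnosis", "billing_code"},
}

MAX_FAILED_ATTEMPTS = 5  # hypothetical lock-out threshold


@dataclass
class User:
    username: str
    password_hash: bytes
    salt: bytes
    role: str
    failed_attempts: int = 0
    locked: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: never store the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(username: str, password: str, role: str) -> User:
    salt = secrets.token_bytes(16)
    return User(username, hash_password(password, salt), salt, role)


def authenticate(user: User, password: str) -> bool:
    """Individual user/password check; locks the account after repeated failures."""
    if user.locked:
        return False  # stays locked until an administrator resets it
    if hmac.compare_digest(hash_password(password, user.salt), user.password_hash):
        user.failed_attempts = 0
        return True
    user.failed_attempts += 1
    if user.failed_attempts >= MAX_FAILED_ATTEMPTS:
        user.locked = True
    return False


def minimum_necessary(user: User, record: dict) -> dict:
    """Return only the fields this user's role is permitted to see."""
    allowed = ROLE_FIELDS.get(user.role, set())
    return {k: v for k, v in record.items() if k in allowed}
```

An unknown role gets an empty set, so a misconfigured account sees nothing rather than everything.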

Local Storage

  • Avoid storing ePHI on a local machine such as a laptop or desktop.
  • If ePHI must be stored on a laptop or other portable device, encrypt the data, or keep it locally only for a temporary period of time.
  • Any device that stores ePHI should be kept in a secure location and have password-protected access.
  • Make sure all data is stored in an encrypted format.
  • Make sure all server locations are physically secure.

Remote Storage (Using web-based EMR)

Adopting an EMR will change the way you handle PHI, so make sure you know how the EMR program you select can help you comply with HIPAA and, more specifically, the HITECH requirements. Using the items above should help you narrow your search when comparing EMR programs.
