HIPAA Audits: Are You Prepared? (Part 2)
How can I protect my organization?
It’s more important than ever to ensure that your organization is using or providing secure, encrypted tools when communicating about patients. Under the requirements of the HITECH Act of 2009, which supplemented the HIPAA security guidelines, ePHI handled by both Covered Entities and their Business Associates must be transmitted, stored and accessed securely, as well as protected from reasonable threats and unauthorized access.
What is encryption?
An often misunderstood aspect of ePHI protection is data encryption. While encryption is deemed addressable rather than required in the HIPAA guidelines, that does not mean it is optional.
Has your organization done a risk analysis?
You need to perform a risk analysis to determine if there is any possibility that your ePHI data could be at risk. If you find that your data is at risk, encryption is the key to minimizing a security breach.
How can a data breach happen?
Almost half of all large breaches take place due to lost or stolen mobile devices. Criminal attacks are another primary reason for breaches. Ensuring your ePHI is always protected, including on all mobile devices, by using encryption and other technical safeguards can help eliminate the potential for a reportable breach with regard to that data.
What if we add encryption, and a data breach still happens?
If a breach of encrypted information takes place, it will not be subject to the breach notification rule as the encrypted data is considered to be unusable, unreadable, or indecipherable.
What options are available for encryption?
A small investment in a secure communication method can be a huge insurance policy to avoid civil and criminal penalties. miSecureMessages, Amtelco’s two-way secure paging and text messaging alternative, is a HIPAA-compliant solution with full encryption that does not store ePHI on users’ mobile devices. If a device is lost or stolen, you can easily and remotely deactivate that user to revoke access to ePHI. In addition, the app can require your users to enter a passcode to re-open the app.