Geek-on Consultant
I.T. professionals for your business
HIPAA COMPLIANCE FOR
COMMUNITY PHARMACY
HIPAA A federal law that establishes the acceptable uses and disclosures of protected health information (PHI), sets standards for the secure storage and transmission of PHI. We provide service and technology to protect and secure the information and technology running your business.
On Community Pharmacy
What does Geek-On Consultant do
-
Reduce Health care fraud
-
Enforce the protection and confidential handling of health information within the network
-
Provide and promote high industry-wide standards on System Security
-
Reduce and protect Sensitive information against malware, virus and hackers
-
Provide affordable security hardware and tools
The introduction of the HIPAA Enforcement Rule in 2006 gave the Department of Health and Human Services’ Office for Civil Rights the power to enforce HIPAA. Since then, it has been possible for the HHS to pursue financial penalties for violation of HIPAA Rules. This violations can lead to penalties of $25,000 per year up to $1.5 Million per year, mandated corrective action and even criminal charges.
Ignorance of HIPAA regulations is not considered to be a justifiable defense by the Office for Civil Rights of the Department of Health and Human Services (OCR).
HIPAA
Enforcement Rules
Verify that your pharmacy in HIPAA compliance
with this few security control rule checklist examples:
If your organization has access to electronic Protected Health Information (ePHI), it is recommended that you follow this three security rules: Technical Safeguard Control, Physical Safeguard Control and Administrative Safeguard Control.
Technical Safeguard Control:
This control is one that uses technology to reduce vulnerabilities. Whether the data is in rest or in transit need to be encrypted to NIST Standards. The following list provide a few examples:
-
Intrusion Detection Systems (IDS): Monitor company network for intrusions and provide protection against various threats.
-
Access Controls: ensure that only authorized user can access data by a centralized-control.
-
Activity & Audit Controls: required under technical safeguard to register attempted access to ePHI and records.
Physical Safeguard Control:
This control focus on physical access to ePHI. A physical control is something you can physically touch, such as hardware lock or a fence. This also stipulate how workstations and mobile devices should be secured. The following list provides a few examples:
-
Policies for the use of workstation: restrict the use of workstations that have access to ePHI.
-
Deterrent Controls: Attempts to discourage a potential attacker from attacking and discourage employees from violating security policy.
Administrative Safeguard Control:
The administrative safeguards are the policies and procedures which bring all together. They are the pivotal elements of a HIPAA compliance checklist, they also govern the conduct of the workforce, ensuring that day-to-day operations of an organization comply with their overall security plan. The Following list provides a few examples:
-
Restricting third-party access: It is vital to ensure ePHI is not accessed by unauthorized parent organizations.
-
Awareness & training: The importance of training to reduce risks cannot be overstated.
-
Conducting risk assessments: is the compilation of a risk assessment to identify every area in which ePHI is being used.
There are more than 150 controls to complied with the minimal requirement of NIST Standards, this only show 8 of them.