HIPAA is the acronym for the Health Insurance Portability and Accountability Act pass by congress in 1996. A federal law that establishes the acceptable uses and disclosures of protected health information (PHI), sets standards for the secure storage and transmission of PHI.
On Community Pharmacy
What HIPAA Does
Reduce Health care fraud.
Enforce the protection and confidential handling of health information.
Provide ability to transfer and continue health coverage for millions patients, workers and families.
Provide and promote high industry-wide standards for Security health care information.
The introduction of the HIPAA Enforcement Rule in 2006 gave the Department of Health and Human Services’ Office for Civil Rights the power to enforce HIPAA. Since then, it has been possible for the HHS to pursue financial penalties for violation of HIPAA Rules. This violations can lead to penalties of $25,000 per year up to $1.5 Million per year, mandated corrective action and even criminal charges.
Ignorance of HIPAA regulations is not considered to be a justifiable defense by the Office for Civil Rights of the Department of Health and Human Services (OCR).
Verify that your pharmacy in under HIPAA
compliance with this security rule checklist:
If your organization has access to electronic Protected Health Information (ePHI), it is recommended that you follow this three security rules: Technical Safeguard Control, Physical Safeguard Control and Administrative Safeguard Control.
Technical Safeguard Control:
This control is one that uses technology to reduce vulnerabilities. Whether the data is in rest or in transit need to be encrypted to NIST Satndards. The following list provide a few examples:
Intrusion Detection Systems (IDS): Monitor company network for intrusions and provide protection against various threats.
Access Controls: ensure that only authorized user can access data by a centralized-control.
Activity & Audit Controls: required under technical safeguard to register attempted access to ePHI and records.
Physical Safeguard Control:
This control focus on physical access to ePHI. A physical control is something you can physically touch, such as hardware lock or a fence. This also stipulate how workstations and mobile devices should be secured. The following list provides a few examples:
Policies for the use of workstation: restrict the use of workstations that have access to ePHI.
Deterrent Controls: Attempts to discourage a potential attacker from attacking and discourage employees from violating security policy.
Administrative Safeguard Control:
The administrative safeguards are the policies and procedures which bring all together. They are the pivotal elements of a HIPAA compliance checklist, they also govern the conduct of the workforce, ensuring that day-to-day operations of an organization comply with their overall security plan. The Following list provides a few examples:
Restricting third-party access: It is vital to ensure ePHI is not accessed by unauthorized parent organizations.
Awareness & training: The importance of training to reduce risks cannot be overstated.
Conducting risk assessments: is the compilation of a risk assessment to identify every area in which ePHI is being used.
There are more than 150 controls to complied with the minimal requirement of NIST Standards, this only show 8 of them.