10 Steps to Help You Make Sure Your Technology is HIPAA Compliant

Anyone who can access protected health information is subject to HIPAA compliance. That includes doctors, nurses, receptionists, and billing and filing clerks: if they can see it, they must take measures to protect patient information.

Here are ten steps healthcare providers must take to make sure they are HIPAA compliant:

  1. Use Strong Passwords: Develop a policy for creating passwords, and never share yours with anyone, not even your co-workers.
  2. Install and Maintain Anti-Virus Software: It is not enough to have anti-virus software installed; you also need procedures in place to keep it running and up to date.
  3. Use a Firewall: Think of this as a wall around your system that keeps unwanted visitors from reaching patient information.
  4. Control Access to Protected Health Information: Not every staff member needs access to your computer system. Consider two-step authentication for very sensitive data.
  5. Control Physical Access: Do not leave computers or monitors in public or unmonitored areas.
  6. Limit Network Access: NEVER allow patients to connect their wireless devices to your network. If you wish to provide Wi-Fi for patients and staff, do so through a separate network designed for public access.
  7. Plan for the Unexpected: Keep off-site backups of important information and data in case of an emergency such as a tornado, flood or fire.
  8. Maintain Good Computer Habits: Remember to sign off of the network whenever your computer will be unattended, and never write down your password and post it in your office.
  9. Protect Mobile Devices: If you access patient information on cell phones, tablets, etc., make sure they are password-protected and do not leave them lying around the office. These devices are small, and therefore easily stolen.
  10. Establish a Security Culture: Hold regular training on network security and make sure your staff understands that procedures will be enforced.

Violations of HIPAA and the HITECH Act can result in huge fines, some as high as $1.2 million. Do not put your business at risk by ignoring these ten critical steps to becoming compliant.