7 Tips to Help You Reach HIPAA Compliance

March 29th, 2017 by admin

If you aren't shouting "hip, hip, hooray for HIPAA"...you're a normal person. If you work in healthcare, adhering to HIPAA compliance standards is necessary, but the process is complicated and confusing, and with so many regulations in place it can be hard to keep up. The seven steps below will not make you compliant on their own, but each one closes a gap that auditors and attackers both look for, and together they put your business in a much better position to avoid fines.

1. Get a HIPAA Compliance Scan at Least Once a Year

The most efficient starting point for your business is a HIPAA compliance scan. At Equinox IT Services, we run a program on your network that gathers configuration and security information from your systems and produces a detailed report of the risks found, with concrete steps to fix each one in order to meet HIPAA standards. The report catches both the simple things that are easy to overlook and the small misconfigurations that are hard to spot by hand. One caveat: a scan is a technical input to the risk analysis that the HIPAA Security Rule requires of every covered entity; it does not replace that analysis or the policies and staff training that go with it.

2. Get on a Domain, not a Workgroup

There are two ways to set up a Windows network: a Workgroup or a Domain. A peer-to-peer Workgroup is a loosely connected group of workstations, each with its own local accounts and no central control. A Domain is centrally managed by a Domain Controller: one directory of user accounts, policies pushed to every machine, and logging you can collect in one place. Several HIPAA Security Rule requirements, such as Information System Activity Review, Unique User Identification, Audit Controls, and Person or Entity Authentication, are very hard to meet and even harder to demonstrate in a Workgroup, because there is no single place where accounts are created, audited, and disabled when someone leaves. You need a Domain. That may mean purchasing a server, converting your existing server into a Domain Controller, or setting up a managed directory in the Cloud.

3. Add Encryption to all of Your Mobile Devices

Encryption is one more lock and key that keeps your data safe if a laptop, phone, or USB drive goes missing. There are several levels at which it can be applied:
  • Full Disk Encryption: Encrypts the entire drive (for example, BitLocker on Windows or FileVault on macOS). The device is unreadable without authentication at boot, so a lost or stolen laptop exposes nothing.
  • Container (Virtual Disk) Encryption: Encrypts a single container file that holds a set of files and is mounted as a drive after the user authenticates. Useful for keeping a sensitive set of records together, but anything saved outside the container stays in the clear.
  • File Encryption: Encrypts individual files or folders, each opened through its own access control. The file stays encrypted wherever the data is copied, including e-mail attachments and removable media.
Full disk encryption should be the baseline on every mobile device; the other two are additions, not substitutes. Not to mention: if worst comes to worst and an encrypted device is lost or stolen, data encrypted in line with HHS guidance is not considered "unsecured" PHI, so the breach notification rule does not require you to notify patients or HHS, provided the decryption key was not lost along with it. That is the difference between a bad afternoon and a reportable breach.

4. Manage Passwords and Automatic Logoff

As tedious as it is, a strong password on every account is still the first line of defense for patient data. HIPAA requires audit trails that show which user accessed which patient records, and that only works if each user logs on with their own account: no shared passwords, and no piggy-backing a second user onto a session someone else opened. A computer left unlocked with a patient, visitor, or cleaner alone in the room is an exposure of protected health information, so screens must be locked whenever staff step away. Automatic logoff, which the Security Rule lists as an addressable implementation specification, is the easiest and cheapest way to enforce this: set an inactivity timeout through Group Policy so every machine locks on its own. Training your staff to hit "Windows key + L" before they leave the desk is a great habit on top of that.
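The Windows settings behind tips 2, 3, and 4 can all be checked from one script. What follows is an added example written for this page, not a tool from Equinox IT Services or code from the original post. It is read-only, assumes English-language Windows 10/11 with the BitLocker module available (Pro or Enterprise), and the thresholds it applies (a 15-minute inactivity lock and a 12-character minimum password) are this script's own choices rather than numbers HIPAA prescribes.

```powershell
# Added example, not from the original post: a read-only posture check for tips 2-4
# on a single Windows 10/11 workstation. Run it in an elevated PowerShell window.
# Assumptions: English-language Windows (auditpol and net output is parsed as text),
# the BitLocker module is present (Pro/Enterprise), and the thresholds below
# (15-minute lock, 12-character minimum) are this script's own choices, not values
# the HIPAA Security Rule prescribes.

$findings = New-Object 'System.Collections.Generic.List[string]'

# --- Tip 2: domain vs. workgroup ---------------------------------------------
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Host "Domain-joined: $($cs.Domain)"
} else {
    $findings.Add("In workgroup '$($cs.Workgroup)': no central accounts, policy or audit trail; join a domain.")
}

# --- Tip 2: audit controls - are logon/logoff events actually being recorded? --
$auditLines = auditpol /get /category:"Logon/Logoff"
if ($auditLines -match '^\s*Logon\s+No Auditing') {
    $findings.Add("Logon events are not audited; enable Success and Failure auditing for Logon.")
}

# --- Tip 3: full disk encryption on the OS volume ----------------------------
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
        $findings.Add("$($env:SystemDrive) is $($vol.VolumeStatus) with protection $($vol.ProtectionStatus); enable BitLocker with a TPM protector and escrow the recovery key.")
    }
} catch {
    $findings.Add("BitLocker cmdlets unavailable (Home edition?); this device cannot meet the full disk encryption baseline as-is.")
}

# --- Tip 4: automatic lock (policy 'Interactive logon: Machine inactivity limit') --
$polKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$timeout = (Get-ItemProperty -Path $polKey -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
if (-not $timeout -or $timeout -gt 900) {
    $shown = if ($timeout) { "$timeout seconds" } else { 'not set' }
    $findings.Add("Machine inactivity limit is $shown; set it to 900 seconds or less.")
    # Remediation on a stand-alone machine (on domain members, set the same policy via GPO):
    #   Set-ItemProperty -Path $polKey -Name InactivityTimeoutSecs -Value 900 -Type DWord
}

# --- Tip 4: local password policy (a domain GPO overrides this on domain members) --
$acct    = net accounts
$minLen  = [int](($acct | Select-String 'Minimum password length').Line.Split(':')[-1].Trim())
$lockout = ($acct | Select-String 'Lockout threshold').Line.Split(':')[-1].Trim()
if ($minLen -lt 12)       { $findings.Add("Minimum password length is $minLen; require at least 12 characters.") }
if ($lockout -eq 'Never') { $findings.Add("No account lockout threshold; set one so guessed passwords trip an alarm.") }

# --- Summary -------------------------------------------------------------------
if ($findings.Count -eq 0) {
    Write-Host 'No findings for tips 2-4 on this machine.'
} else {
    Write-Host "Findings ($($findings.Count)):"
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

Run it elevated on one workstation to see the kind of thing a compliance scan flags. On domain members the lock timeout and password policy should come from Group Policy rather than local settings, which is exactly why tip 2 comes before tips 3 and 4.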

5. Own a Business-Grade Firewall

It’s important to use a business-grade firewall. HIPAA does not name firewalls outright, but you will not meet its access control and transmission security requirements without one between your network and the Internet. Business-grade firewalls add the features a consumer router lacks: logging you can actually review, intrusion detection, a VPN for remote access, and segmentation so a compromised guest device or medical device cannot reach the systems that hold patient records. A business-grade firewall is very affordable and costs a lot less than a fine or the cost of notifying patients after a breach.

6. Business-Class Email and Text Messaging

Yep, even the data in your correspondence needs to be protected! Free consumer email services like Gmail and Yahoo, or the mailbox that comes with your ISP, won’t cut it: the provider will not sign a Business Associate Agreement for a free account, and you have no control over how the mail is protected in transit or at rest. HIPAA requires a business-grade email service with a signed Business Associate Agreement and encryption for any message that carries protected health information, end to end where possible. Texting over the cell carrier’s SMS system is NOT HIPAA compliant: messages travel and sit on the carrier’s systems without encryption and no agreement covers them. Never text protected information!

7. Have Professional IT Staff or an Arrangement with an IT Company

Professional IT staff are not just important for HIPAA compliance, but instrumental to a smoothly run business. Whatever arrangement you choose to suit your needs will help make certain that security updates are monitored and consistently applied, and that any other IT issues get resolved. Luckily for you, we know a guy! (Us. It’s us.) Becoming HIPAA compliant can be a complicated process, but with these steps you’re that much closer to closing the security gap! Not sure where to start? Equinox IT Services will make sure that your business is taken care of from beginning to end. Call us today - you’re that much closer to meeting HIPAA regulations and avoiding unnecessary fines!

Posted in: Security, Tech Tips
