HIPAA, or the Health Insurance Portability and Accountability Act, has been a huge source of interest since cyberattacks became prevalent in the business world. Many people have argued that hackers will begin to focus on the health care industry, due to a lack of innovation in cybersecurity that affects a variety of equipment.
HIPAA privacy and procedures
Both health care providers - such as dentists, hospitals, pharmacies, laboratories and health plan providers - and business associates are affected by HIPAA. The whole point of the act is to ensure that these entities maintain the privacy of sensitive records, whether these take the form of electronic documentation or paper reports.
The act also determines what can and cannot be shared by health care providers. For example, according to HIPAA, professionals can share confidential information if a life or lives are in danger. This was established by the Tarasoff v. Regents of the University of California ruling. A man confided his plans to kill Tatiana Tarasoff to a psychologist. Because of confidentiality and the laws in place, the psychologist was unable to warn Tarasoff, and she was murdered. Providers now have a duty to inform any third party that they're at risk of violence or a contagious disease.
Not only does HIPAA keep people safe, but it may help those related to patients feel at ease. HIPAA allows health care clients to sign an authorization that lets professionals disclose information, such as a patient's rate of deterioration, to friends and family.
HIPAA and cybersecurity
mHealth News reported how health care providers are increasing their use of laptops, personal devices and other forms of technology. This has made it easier to deliver prescriptions and inform patients about their health, as well as provide medicine in a fast, flexible and informative way.
However, use of technology in this industry has caused concern. There have yet to be firm regulations on what health care providers have to maintain in terms of cybersecurity. mHealth News mentioned that encryption for medical records is a gray area within HIPAA compliance, as the law only suggests professionals encrypt "whenever deemed appropriate."
A lack of encryption is extremely risky for digital health care records. Email encryption has become a basic necessity for those in the corporate world - since emails hold incredibly sensitive data, they are often the first channel hackers focus on to compromise electronic information. This was evident in last year's attack on Sony Entertainment, when executive emails were released to the public. The source insisted health care professionals encrypt information even though this is not yet a standard under HIPAA.
HIPAA compliance in the medical community
NueMD conducted a survey last year regarding HIPAA compliance among health care providers and found that only 58 percent of respondents said they had a HIPAA plan in place. Additionally, 23 percent said they had no plan at all and 19 percent were unsure.
This is bad news for many health care professionals, as HIPAA will be conducting Phase 2 audits this year to review both health care providers and business associates. Mike Sacopulos, CEO of the Medical Risk Institute, estimated approximately 85 percent of small to medium-sized medical practices have a deficiency in their processes, according to Physicians Practice.
Healthcare Dive suggested practices take action to achieve HIPAA compliance. Conducting a risk analysis of a practice to determine where there may be violations is a good first step. Practices should then further address the OCR audit program protocol to be prepared for the 2015 audits.
Overall, HIPAA compliance requires properly training medical professionals. Supervisors should be open and willing to help those who feel as though they're behind in regulations and practices, and in turn, patients and staff will benefit.