Healthcare Security: Structure for HIPAA Compliance
This post was originally published on February 25, 2016 and has been updated for accuracy and comprehensiveness.
Patient safety and privacy are top priorities at your healthcare facility.
Before you can implement the proper equipment needed to keep individuals safe, you must carefully consider the security and privacy rules outlined in the Health Insurance Portability and Accountability Act (HIPAA).
Use this article as a guide to ensure your healthcare facility’s security solutions comply with HIPAA regulations.
Secure Computers and Devices
As part of HIPAA, healthcare facilities are required to ensure protected health information (PHI) is secure and private. This means computers and devices hosting this information must be properly protected. Keep your critical files, records and data safe with the following cyber security practices:
- Back up files electronically. Store sensitive information in a secondary location, such as cloud-based systems or an offline computer, in case your primary system fails or malfunctions.
- Install firewalls and anti-virus software. Work with your IT team to keep hackers from gaining unauthorized access to your network.
- Utilize proper password management. Require all computer or device users to have their own unique password and/or passcode. This provides enhanced visibility into who is logging into your systems and limits access to specific individuals.
Ensure Proper Surveillance Camera Placement
Video surveillance adds an extra layer of security to your healthcare facility by deterring theft or violent behavior. However, consider patient privacy before installing cameras throughout your facility. Avoid installing cameras in areas where there’s an expectation of privacy. These include:
- Areas directly facing computer screens.
- Changing rooms.
- Emergency rooms.
- Exam rooms.
- Hospital rooms.
You can install security cameras in the following areas:
- Facility entrances and exits.
- Elevators and fire escapes.
- Entrances to restricted areas.
- Equipment or medicine storage closets.
Healthcare facilities are legally allowed to install surveillance cameras in these areas because they are considered open to the public. However, only authorized individuals should view footage, because recordings may include PHI or other sensitive information.
To avoid unnecessary legal ramifications, consider posting signs that clearly identify areas under surveillance.
Enable Access Control
HIPAA regulations require healthcare facilities to implement technical safeguards, like access control, to protect individuals’ electronic protected health information (ePHI). By assigning personnel unique codes, you’ll know when members of your staff arrive at work and what areas they access at any time. For example, if documents are missing from a room secured with access control, time logs can show which employees were in that room and when. This can help you identify the culprit.
Access control products that help enhance security include:
- Access cards.
- Basic intercom systems.
- Combination technology readers.
- Photo identification systems.
- Proximity readers.
- Swipe readers.
- Turnstile readers.
- Video analytics interface.
While these tips can enhance healthcare facility security, it’s important to work with a professional. Contact a trusted security expert and consult with your IT team, security and safety resources, risk and emergency management, as well as your clinical stakeholders to ensure compliance with HIPAA regulations. You may also visit www.hipaajournal.com.
How does your healthcare facility prepare for HIPAA compliance? Share with us in the comments below.