What do I REALLY need to do regarding HIPAA?

glricht

Looks like I'm going to pick up a new customer: a small office for an orthopedic surgeon. He was part of a hospital for many years, but has decided to open his own office, which means he no longer has the hospital's IT support and infrastructure.

I've done a site survey and from an IT perspective he's in fairly good shape compared to some of my other SMBs (just need to beef up his backup strategy). He has 6 PCs and his LOB software (e.g. medical records & office administration) is on a remote system managed by a company that specializes in this type of thing.

This is my first medical-related customer. I know that HIPAA is now applicable, but I can't determine specifically what it means to me.

I've found a ton of HIPAA-related documents via Google and the HHS web site, but it's all very generic.

For those of you experienced in supporting a small medical office, what exactly do you do differently specific to HIPAA? What kind of documentation do you have to provide? Did you sign a Business Associate Agreement?

Thanks for your help.
 
Before you do anything you must have a Business Associate Agreement signed. And it needs to be one they provide you and not the other way around.

You also need to touch base with your insurer(s) to make sure that your policies will encompass that industry sector.

I've got a couple of dental offices. Whole-drive encryption has been set up. Also regular backups, including offsite (Crashplan). One has switched from Apple to M$. I've still got some other things that are being worked on. One important one is encrypted email.
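Whole-drive encryption only helps the compliance file if you can show it is actually on for every workstation. The script below is an added example, not something posted by anyone in this thread: it queries BitLocker status on a list of office PCs over WinRM and writes a dated CSV you can keep as evidence. The computer names, the output path and the assumption that PowerShell remoting is enabled and the BitLocker module is present on each PC are all mine.

```powershell
# Added example: audit BitLocker state on a small office's workstations.
# Assumes WinRM/PowerShell remoting is enabled and the caller has admin
# rights on each machine. Computer names below are placeholders.
$Computers  = @('FRONTDESK-PC', 'EXAM1-PC', 'EXAM2-PC', 'BILLING-PC', 'DR-PC', 'NURSE-PC')
$ReportPath = "C:\Compliance\BitLocker-Audit-$(Get-Date -Format 'yyyy-MM-dd').csv"

$Results = foreach ($Computer in $Computers) {
    try {
        # Get-BitLockerVolume ships with the BitLocker module on Windows 8 / Server 2012 and later.
        $Volumes = Invoke-Command -ComputerName $Computer -ErrorAction Stop -ScriptBlock {
            Get-BitLockerVolume | Select-Object MountPoint, VolumeType, VolumeStatus,
                ProtectionStatus, EncryptionPercentage, EncryptionMethod
        }
        foreach ($Vol in $Volumes) {
            # A volume is only "compliant" here if it is fully encrypted AND protection is on.
            # FullyEncrypted with ProtectionStatus Off means the key is exposed (e.g. suspended).
            $Compliant = ($Vol.VolumeStatus -eq 'FullyEncrypted') -and ($Vol.ProtectionStatus -eq 'On')
            [pscustomobject]@{
                Computer             = $Computer
                MountPoint           = $Vol.MountPoint
                VolumeType           = $Vol.VolumeType
                VolumeStatus         = $Vol.VolumeStatus
                ProtectionStatus     = $Vol.ProtectionStatus
                EncryptionPercentage = $Vol.EncryptionPercentage
                EncryptionMethod     = $Vol.EncryptionMethod
                Compliant            = $Compliant
                CheckedAt            = (Get-Date).ToString('s')
            }
        }
    }
    catch {
        # An unreachable PC is itself a finding: you cannot prove its disk is encrypted.
        [pscustomobject]@{
            Computer = $Computer; MountPoint = $null; VolumeType = $null
            VolumeStatus = "UNREACHABLE: $($_.Exception.Message)"
            ProtectionStatus = $null; EncryptionPercentage = $null; EncryptionMethod = $null
            Compliant = $false; CheckedAt = (Get-Date).ToString('s')
        }
    }
}

# Keep the full report as evidence, and surface anything that needs action.
New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
$Results | Export-Csv -Path $ReportPath -NoTypeInformation

$Results | Where-Object { -not $_.Compliant } |
    Format-Table Computer, MountPoint, VolumeStatus, ProtectionStatus -AutoSize
```

Run it on a schedule (or at least before each compliance review) and keep the CSVs; the point is not the script but having a repeatable record that every disk holding PHI was encrypted on a given date. Pair it with a check that recovery keys are escrowed somewhere other than the laptop they protect.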
 
Actually your FIRST task is to complete your own HIPAA compliance. As a Business Associate working for a Covered Entity, your business is also bound by HIPAA regulations and requirements.

It would behoove you to get the accurate facts before moving forward.

As you have discovered... it is difficult to figure out how the information floating around applies to you. Add to that the misinformation and incorrect guidance you will get, and you are setting yourself up for potential disaster.

I highly recommend you check out HIPAA for MSPs - Your Resource for HIPAA for the Managed Service Provider to see if this resource is right for you.
 
I constantly try to prove to my friends, acquaintances, and sometimes colleagues that data security is very important both in everyday life and during work. Doctors should be very clear about this. Many hospitals have faced claims due to information leaks or disclosures. And you are absolutely right that strangers' access to patients' information can be harmful. I recently found an article about healthcare security breaches (to read it, follow this link: https://igniteoutsourcing.com/healthcare/healthcare-security-breaches/) and now I'm watching very closely all the safety factors in my hospital. At least those that I can really control in my work.
 
did you seriously just dig out a 5 year old thread?
 