Wednesday, February 25, 2009

HIPAA Network Requirements

HIPAA network requirements provide a high level of security for confidential patient information.


Within the healthcare field, the Health Insurance Portability Act of 1996, or HIPAA, enforces patient privacy rules by requiring organizations to protect patient health records. Under HIPAA, health-related organizations must meet certain technology requirements in terms of how their computer networks operate. These network requirements provide guidelines for securing patient information and monitoring user activity within the system.


Network Security Requirements


Under HIPAA, organizations must employ data encryption, firewall protection and email protection as a means of protecting confidential patient information, according to the American Academy of Family Physicians. In 2009, the U.S. government enacted a second piece of legislation called the Health Information Technology for Economic and Clinical Health Act, or HITECH Act. Under the HITECH Act, organizations are advised to implement data encryption technology within their system networks. These measures are intended to prevent unauthorized people from accessing patient information in the event of a system security breach. Firewall protection requirements are designed to reduce the likelihood of a system security breach. Email, though partially protected by a reliable firewall system, can be further secured through encryption software.


Authentication and Access Requirements


The ongoing exchange of patient information between health organizations, insurance providers and referral agencies exposes patient information to a series of users and facilities. To prevent unauthorized access, network system requirements under HIPAA mandate the use of a medical billing code system that provides a standardized method for recording services rendered and transacting patient billing information between health-related organizations and third-party payers, according to the American Academy of Family Physicians. Organizations handling patient information are also required to maintain updated patient authorization forms that permit them to store, record and transmit patient information. So that patients can gain access to their own records, HIPAA requires organizations to take measures to ensure patient information is available in the event of a fire or a system failure. Compliance with this provision requires organizations to have a reliable backup system capable of storing patient information and/or recovering lost data.


Auditing Requirements


Under HIPAA, auditing requirements refer to an organization's ability to monitor how authorized personnel are accessing patient records, according to the American Academy of Family Physicians. To do this, a system network must be able to assign unique user names and passwords and assign user access levels for everyone who accesses the system. User access levels limit the types of information a particular user can view and can restrict user access to a particular set or department of patients. Auditing requirements also include tracking provisions that show who accessed a particular record, what changes were made and what the record looked like before any changes were made. In effect, HIPAA sets required guidelines for a system network, allowing organizations to customize these requirements according to how their operations are structured.






