When people think of HIPAA compliance, they generally assume it relates only to doctors’ offices and perhaps health insurance providers. Though these are the primary subjects of the regulations, many other kinds of businesses also collect, store, transmit, and analyze information that they might not realize falls under the purview of HIPAA.
For example, if you’re developing an app that tracks a person’s health stats or vital signs, or if you are a fitness institution or deal in health supplements, you might be collecting and working with data that is protected by HIPAA. HIPAA doesn’t cover only a person’s physical health; it also includes a person’s mental health, so these regulations can also apply to businesses such as life coaches, those who cater to conditions like anxiety and depression, and even those that work with various types of addiction.
As big data becomes more important to business intelligence and marketing efforts, businesses could easily be hosting information covered under HIPAA without even knowing it. Here is your guide to HIPAA compliance.
What is HIPAA?
Information about a person’s health can be used to charge them more or deny them access to health insurance. For instance, a health insurance policy might refuse to pay for treatment of a condition that existed prior to the person’s obtaining the policy, or an insurer might deny them coverage based on a previous diagnosis.
In response to this, the U.S. Department of Health and Human Services established HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996. It was designed to ensure that people could get access to health insurance coverage and not be subjected to extraordinary charges for that coverage. Failure to abide by these regulations can carry substantial fines, up to $50,000.
What Information Does HIPAA Regulate?
HIPAA regulates any individually identifiable health information, known as “Protected Health Information,” or PHI. This information includes a person’s past, present, or future physical or mental health condition, any physical or mental healthcare they have received or will receive, and any payment for healthcare services they receive. Additionally, information that is not specifically covered by HIPAA becomes subject to these regulations once it is shared with a healthcare provider or an insurance company.
For example, suppose your new app is designed to count a person’s daily steps to help them meet a fitness goal. As one of its features, this information is passed to a physician, who helps the user stay on track. Though the number of steps a person takes per day is not specifically covered by HIPAA, once it is shared with a healthcare provider, it becomes regulated.
What Does the IT Help Desk Need to Do to Be HIPAA Compliant?
How can you protect your help desk from an accidental HIPAA infraction?
- Know what data you are collecting on consumers. Don’t collect any data unless there is a specific purpose for it.
- Any data that could be under the protection of HIPAA should be protected by strong access controls, such as complex passwords, and by encryption.
- You must have a means to wipe or disable data you store remotely.
- Use strong, up-to-date firewall and malware protection.
- Physical security of the data is essential.
- Restrict access to the data so that workstations, devices, and users that are not authorized to view it cannot reach it.
- Establish a solid business continuity and disaster recovery plan.
- Never buy, sell, or share data that could fall under HIPAA guidelines with a third-party vendor or other outside source.
If a data breach involving HIPAA-protected data is discovered, report it immediately to the Secretary of the Department of Health and Human Services.
An important tool for managing the devices and users on your networks is asset management software. Whether your data is HIPAA regulated or not, asset management can keep your help desk on track when it comes to protecting valuable information and protecting your company from data breaches.