HIPAA Technical Safeguards

HIPAA is a US regulation protecting ePHI (electronic protected health information). Its Security Rule sets out technical safeguards, each marked either required or addressable (addressable means the organisation must implement the safeguard or document why a reasonable alternative was chosen). The main technical safeguards are:

  • Implement a means of access control (required) – This means not only assigning each user a centrally controlled unique identifier, so that every action on ePHI can be traced to an individual, but also establishing procedures for obtaining ePHI during an emergency.
  • Introduce a mechanism to authenticate ePHI (addressable) – This mechanism confirms whether ePHI has been altered or destroyed in an unauthorized manner, for example by checking a stored record against a cryptographic hash or message authentication code. Although addressable, it should be implemented unless a documented, equally effective alternative is in place.
  • Implement tools for encryption and decryption (addressable) – Devices used by authorized users must be able to encrypt messages carrying ePHI before they are sent beyond the internal firewalled network, and to decrypt those messages when they are received.
  • Introduce activity audit controls (required) – The audit controls required under the technical safeguards record attempted and successful access to ePHI and what is done with that data once it has been accessed, so that misuse can be detected and investigated.
  • Facilitate automatic logoff (addressable) – This function logs authorized personnel off the device they are using to access or communicate ePHI after a pre-defined idle period. This prevents unauthorized access to ePHI should the device be left unattended.
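As an added illustration of the "mechanism to authenticate ePHI" safeguard above (example code added here, not part of the original page or of any HIPAA publication), the following Python computes an HMAC-SHA256 tag over a canonical serialization of a record and later checks that tag to detect unauthorized alteration. The function names, the sample record and the in-memory key are assumptions made for the example; in a real deployment the integrity key would be loaded from a key store, not generated in the application.

```python
import hashlib
import hmac
import json
import secrets

# Assumption for the example: a per-deployment integrity key held separately from the
# records (in production, load it from a KMS/HSM rather than generating it here).
INTEGRITY_KEY = secrets.token_bytes(32)

# Constructed sample ePHI record (not real patient data).
SAMPLE_RECORD = {"patient_id": "P-0001", "diagnosis": "J45.909", "updated_by": "user42"}


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically (sorted keys, fixed separators) so two
    semantically identical records always produce the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def seal_record(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Return a hex HMAC-SHA256 tag to be stored alongside the record."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes = INTEGRITY_KEY) -> bool:
    """Recompute the tag and compare in constant time; False means the record
    (or the tag) was altered by someone without the key."""
    expected = hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> tuple:
    """Seal a record, then check: intact copy, key-reordered copy, tampered copy."""
    tag = seal_record(SAMPLE_RECORD)
    intact_ok = verify_record(SAMPLE_RECORD, tag)
    # Same data with keys in a different order must still verify (canonicalization).
    reordered = dict(reversed(list(SAMPLE_RECORD.items())))
    reordered_ok = verify_record(reordered, tag)
    # A changed diagnosis must be detected.
    tampered = dict(SAMPLE_RECORD, diagnosis="Z00.00")
    tamper_detected = not verify_record(tampered, tag)
    return intact_ok, reordered_ok, tamper_detected


if __name__ == "__main__":
    print(demo())
```

A per-record tag detects alteration but not destruction: if an attacker deletes a record and its tag together, nothing remains to verify. Covering destruction requires a tag or signature over an inventory of record identifiers as well, checked on the same schedule.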

If you are not following the above technical rules, your old IT equipment will need to be disposed of by a professional organisation such as Secure Data Recycling, as its memory and storage will be full of passwords and offer an easy way into patient data.

Need to know more about compliance? Contact Secure Data Recycling.