Privacy, security controls for healthcare HIPAA compliance

For HIPAA healthcare compliance, providers and other healthcare organizations need to prepare for HIPAA audits and use effective privacy and security controls.

In the world of healthcare HIPAA compliance, it's all about preparing your organization for HIPAA audits by training employees and putting effective privacy and security controls in place.

That insight came from SearchCompliance senior site editor Ben Cole during a HIT Squad podcast episode produced by his colleagues, SearchHealthIT writers Kristen Lee and Shaun Sutner.

A guest on the podcast, Cole says protecting patients' health data is paramount for healthcare HIPAA compliance, and "enforcement could come very soon" in the form of HIPAA audits by the U.S. Department of Health and Human Services' Office for Civil Rights.

Providers and their business associates that handle protected health information (PHI) could also be audited, Cole notes.

One critical task in healthcare HIPAA compliance for covered entities of all sizes, meaning healthcare organizations governed by HIPAA privacy and security rules, is performing security risk assessments, but "sometimes entities don't know they have to do it," Cole says.

Cole says a big area of concern in healthcare HIPAA compliance is securing communication on the mobile devices that have become ubiquitous in health IT. Other factors fall under human behavior, such as training physicians and other clinicians not to talk about PHI in public places such as restaurants.

Healthcare organizations, however, should not shy away from rapidly evolving technologies such as mobile and cloud because of security fears, but rather work to use the tools in compliance with HIPAA, Cole says.

As for getting C-suite executives to buy into the idea of PHI privacy and security, CISOs and others charged with healthcare HIPAA compliance should articulate the financial and business risks of sustaining a major PHI breach. Not only could organizations be fined, but they could also suffer major damage to their brands, Cole says.

"The money issue is one thing that is really going to attract the attention of the C-suite," he says.
