Online medical enterprises have been growing, and the US Department of Health and Human Services (HHS) has seen an exponential increase in the number of HIPAA enforcement actions. HHS has announced many sizable settlements with businesses that disregarded HIPAA regulations since the start of the year. For instance, in January, PHI was discovered on a stolen portable USB device, leading to a breach that resulted in a $2.2 million settlement between the health insurance company and HHS. Additionally, the health department of a medical facility was hit with a $3.2 million fine by HHS in February due to a breach resulting from the theft of an unencrypted laptop that contained data. It is advisable to make sure that your medical website complies with the law, since this kind of enforcement action is becoming the norm. You need to make sure that your website complies with HIPAA regulations if you are managing any PHI on or via it.

The following suggestions (which are by no means exhaustive) will help you handle the security and privacy of PHI that your website may handle:

• Unique user identification: every user should have a unique user ID so that use can be tracked per user.
• Automatic logoff: put in place electronic security measures that cause an online session to end after a certain amount of inactivity.
• Authorization: only those with permission should be able to access the PHI.
• Storage: PHI data that is preserved or saved has to be encrypted.
• File transfer protocol: avoid using file transfer protocol (FTP) to transmit patient data.
• Remote access: use a virtual private network (VPN) to access data remotely for telecommuting purposes. This establishes a transient encrypted connection that is only active for the duration of the session.
• SSL encryption: sensitive data, such as financial and medical information, may be encrypted using an SSL (secure sockets layer) certificate (in practice, its successor TLS) to enable safe online data transmission.
• Secure delivery: information must be delivered via a secure network; data protected by HIPAA should never be forwarded to an unsecured email account over an unencrypted network. This data must be encrypted from the sender to the receiver in order for you to receive it via email. An alternative would be to keep the data on your HIPAA-compliant server and configure email notifications to be sent whenever a user submits fresh information to your website. Recipients would then access the data by logging in to your server account instead.
• Privacy policy: in order to be HIPAA-compliant, your practice's privacy policy must be reviewed regularly against the current legislation and updated accordingly.
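As an added illustration (not code from the article), the following Python sketch enforces three of the listed controls together: one unique user ID per session, automatic logoff after an assumed 15-minute idle period, and an authorization check before any PHI record is released. The store class, the "clinician" role name and the patient assignment map are assumptions made for this example.

```python
import secrets
import time
from dataclasses import dataclass

# Assumed policy value for the example: end an idle web session after 15 minutes.
IDLE_TIMEOUT_SECONDS = 15 * 60


@dataclass
class Session:
    user_id: str          # unique user identification
    roles: frozenset      # used for authorization decisions
    last_activity: float  # clock reading of the most recent request


class PhiSessionStore:
    """In-memory session store enforcing unique user IDs, idle logoff and PHI authorization."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._sessions = {}
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so the timeout logic can be tested deterministically

    def login(self, user_id, roles):
        """Start a session bound to exactly one user ID; returns an unguessable session token."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user_id, frozenset(roles), self._clock())
        return token

    def touch(self, token):
        """Return the live session for a request, or None once automatic logoff has applied."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session.last_activity > self._idle_timeout:
            del self._sessions[token]  # automatic logoff: the idle session is discarded
            return None
        session.last_activity = now   # activity on a live session restarts the idle timer
        return session

    def can_read_phi(self, token, patient_id, assignments):
        """Authorization: only an active 'clinician' session assigned to this patient may read PHI."""
        session = self.touch(token)
        if session is None:
            return False
        return "clinician" in session.roles and patient_id in assignments.get(session.user_id, ())
```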