city

Healthcare Compliance

HIPAA Compliance Guide for Healthcare Companies

updated:
9.29.21
HIPAA Compliance Guide for Health Care Companies

The purpose of medical HIPAA laws is to prevent theft, erasure, and unauthorized use of digital data that health care providers collect on their patients. The law is rather complex, and the consequences for violating it are significant. You are going to need the assistance of legal counsel with experience handling HIPAA compliance.

Three HIPAA Compliance Rules

HIPAA legislation tells you how to comply with HIPAA by including the Security Rule, which sets forth mandatory “best practices” rules in three areas: administrative, technical and physical. HIPAA includes rules for each of these three areas. The purpose of these three sets of rules is to safeguard the confidentiality, integrity, and availability of patient medical records.

Administrative Safeguards

A “covered entity” (an entity subject to HIPAA jurisdiction) must comply with certain administrative rules. These administrative rules safeguard the accuracy and availability of patient records. The requirements include establishing written privacy procedures, appointing people with responsibility for privacy issues, instituting employee training programs, and dealing with security breaches.

Physical Safeguards

HIPAA includes restrictions on physical access to systems containing patient data. These restrictions include:

  • Monitoring physical access to hardware containing confidential patient information;
  • Requiring a security clearance to access specific software and hardware;
  • Training third parties, such as contractors, on physical access restrictions.

These standards can help your company avoid physical theft, copying, erasure and unauthorized access.

Technical Safeguards

The technical standards imposed by HIPAA include:

  • Documenting HIPAA practices and sharing this documentation with the appropriate government officials;
  • Instituting a risk analysis program;
  • Implementing a risk management program; and
  • Monitoring data to protect against unauthorized erasure.

How to Protect Your Medical Company

The HIPAA Privacy Rule places restrictions on a covered entity’s use and disclosure of Patient Health Information (PHI). PHI includes any patient information, whether in oral or written form, that concerns a patient’s health status, payment history, and health records. The covered entity must appoint at least one Privacy Officer whose responsibilities include HIPAA privacy compliance. The duties of a Privacy Officer include:

  • Monitor the entity’s HIPAA compliance;
  • Conduct staff training on the HIPAA Privacy Rule and HIPAA compliance laws;
  • Record all codes and keep track of the accessibility of PHI records (who can see them, who can copy them, etc.);
  • Secure all confidential information, both digitally and physically;
  • Restrict access to the software;
  • Apply a “need to know” standard to PHI compliance;
  • Inform patients of their rights; and
  • Defend and support patient privacy rights.

The items on the foregoing list are not exhaustive. You might need to take other steps to ensure patient privacy, including seeking HIPAA legal advice.

Don’t Hesitate to Contact Us

Protect your company from professional and financial penalties--make HIPAA compliance a priority. Our business lawyers possess extensive experience in handling HIPAA compliance cases.

At Sequoia Legal, we stand ready to help you create a HIPAA compliance system and maintain it in good working order. Act now to protect your company against significant legal liability. Simply call (303) 476-2851 or contact us online to schedule a free consultation.

Written by:

Hunter Boone

Recent Posts

View All →