HIPAA compliance was this month’s topic at the Eastern Oklahoma Medical Group Management Association (EOMGMA) meeting with presenter Jennifer Bates of
ECFS Billing. HIPAA (Health Insurance Portability and Accountability Act of 1996) is the U.S. legislation that provides data privacy and security provisions
for safeguarding medical information, else risk steep fines or worse. Our first encounter with HIPAA regulations is likely as patients by way of a
Protected Health Information (PHI) release authorization form required by medical providers, but the thread of data security goes much, much deeper.
We are in a world of smartphones, laptops, and tablets that allow us to carry and/or access company data from a variety of locations and wifi servers. No longer is company data restricted to in-office use only. As I listened to the precautions outlined by the security risk analysis that every health care provider must take in order to ensure HIPAA compliance, I reflected on the fact that ALL businesses should adhere to many of the same restrictions in order to protect their company and employee information.
- If through lack of security controls a malicious criminal accesses your system and takes it hostage, you may have no data available to conduct business.
- If through lack of training and education, your staff do not keep corporate or client information secure, your employee’s and/or customer’s privacy could be compromised.
- If through lack of data or application controls, the accuracy of your data is compromised and loses integrity, the quality of your business’ work product could be impacted. [HealthIT.gov]
These three system/data goals: availability, confidentiality, and integrity are the reasons why appropriately securing the data for which you are responsible is mandatory in today’s technological environment. By addressing these 3 important goals, businesses must build effective policies, procedures, staff education, and security controls to enable use of technology without compromised security.
This website is owned by CS3 Technology. CS3 Technology is independent from Sage and is not authorized to make any statement, representation, or warranties or grant any license or permission on behalf of Sage regarding any product, service, or website content. Certain materials made available on or through this website are owned by Sage and cannot be used without the prior written permission of Sage.