Alcea Technologies HIPAA compliance
In the search for the right agency management platform, a big “must-have” is software that meets HIPAA regulations. HIPAA is the Health Insurance Portability and Accountability Act of 1996. Two of its rules are known as the ‘Standards for Privacy of Individually Identifiable Health Information’ (Privacy Rule) and the ‘Security Standards for the Protection of Electronic Protected Health Information’ (Security Rule). Because the software manages protected health information, it is of utmost importance that the software is HIPAA compliant.
We have put together a checklist to use when evaluating software to see if it meets the HIPAA standards. Alcea Tracking Solutions software is fully HIPAA compliant.
Under HIPAA Security requirements there are specific provisions for administrative safeguards, physical safeguards, and access control.
ADMINISTRATIVE SAFEGUARDS [142.308 (a)]
Access Authorization
Log In Monitoring
Password Management
Data Backup Plan
Disaster Recovery Plan
Emergency Mode Operation Plan
PHYSICAL SAFEGUARDS [142.308 (b)]
Facility Security Plan
Data Backup and Storage
ACCESS CONTROL [142.308 (c)]
Unique user identification
Automatic Log off
Encryption / Decryption
Along with the above items, it is imperative to have your own Business Associate Agreement with any stakeholder you work with in order to protect the Personal Health Information (PHI) of the clients you serve.
Another term that is commonly used for HIPAA-compliant software is “Limiting Access and Use to the Minimum Necessary”. Under the regulations, this is described as “covered entity must develop and implement policies and procedures that restrict access and uses of protected health information based on the specific roles of the members of their workforce. These policies and procedures must identify the persons, or classes of persons, in the workforce who need access to protected health information to carry out their duties, the categories of protected health information to which access is needed, and any conditions under which they need the information to do their jobs.”
What this means for software is that it must let you create access levels and user roles, and group employees into them, so that you can restrict access to PHI that is not necessary for them to do their job.
HIPAA compliance is the most important requirement for software in this space. By following the checklist and guidelines above you can be certain that the software you choose meets these standards.