6 HIPAA Computer Storage And Recovery Rules

Submitted by: Greg Garner

HIPAA, the American Health Insurance Portability and Accountability Act of 1996, is defined as a set of rules that must be followed by hospitals and health care providers, and this includes dentists, doctors, psychologists and chiropractors as well as hospitals and any other type of medical establishment. HIPAA ensures that medical records, billing, insurance, and notes meet consistent rules in regard to handling, privacy, and documentation.

Health care providers or clinics that computerize, electronically store, or transmit medical records, including insurance claims, remittances, or certifications, must comply with HIPAA regulations. You do not need to purchase a computer specifically for your clinic if you do not have a computer system, but patient security is still a rule. HIPAA rules basically apply to electronically stored and transmitted medical transactions and patient data, but mailed patient data is also protected.

Patients must be able to access their own records and correct omissions or errors. Patients must also be told how their personal information is shared or transmitted; be it electronic, over the phone, or mailed to other providers. Patients must also receive and sign notifications of privacy procedures that are produced by the medical clinic. If medical records are transferred to different facilities, patients must be immediately informed.

HIPAA's Security Rules list very specific ways to store and retrieve medical records. There must be firewalls in place on patient record computers, and clinic computer operating systems must be hardened and current. All backup systems are also required to be protected. There must be written rules available in the clinic as to how the hardware, firmware, software, operating systems and applications are handled. Everything must be password protected, and these passwords must be kept in a secured location.

Disaster backup and recovery plans as well as policies and procedures need to have specific written rules on how to keep the clinic running and how to recover lost patient data in the event of an electrical or computer malfunction. If you choose to keep patient records manually or in paper files, these must be locked in a secure area when the clinic is closed or compromised.

If computer emergencies happen, the loss of data or mishandling of patient information needs to be documented, acknowledged and immediately fixed, and plans need to be put in place to prevent future loss or breakdowns. HIPAA requires these backup emergency plans to be written down and available for employees to follow.

HIPAA training needs to be formal, and training needs to take place on a regular basis. HIPAA advises that this training be no less than once per year. Employee awareness, passwords, workstation access and software use, plus virus information and critical computer operations, need to be a part of this training.

Specific policies concerning who has access to patient records, courses and information need to be set. These policies should also pertain to IT personnel who have access to computer systems and the ability to modify access. Everyone who handles patient records needs to be trained, sign off on training and be held accountable.

Source: isnare.com

Permanent Link: isnare.com/?aid=1624958&ca=Advice