Passing a HIPAA audit is a daunting task, and for a hosting solution to be compliant and pass the audit, several basic fundamentals need to be covered. Avoiding heavy fines and qualifying for federal incentives were the major drivers for the health care industry to adopt electronic medical record systems, as laid out in the Health Information Technology for Economic and Clinical Health (HITECH) Act.
For each of the Administrative, Physical and Technical safeguards there are a few rules or standards that any covered entity needs to comply with. A HIPAA audit means that a certified, independent auditor reviews your processes, policies, hosting solution and facilities. To pass a HIPAA audit, follow these tips:
1] Document data management- Document your data management, security, training and breach notification plans. Written documentation gives the auditor clear access to the facts that have been collected and helps prevent that information from leaking to outsiders.
2] Password policy for access- Any stored information should sit behind password-protected access. All information collected from clients is confidential, and only authorized personnel who hold the password should be able to view it.
3] Encrypted information- All protected health information (PHI) should be stored in encrypted form so that confidentiality is maintained. This covers information in the database as well as on the server. It is especially important that information transmitted to third parties or other business associates is encrypted. The encryption mechanism used for sensitive information, and how it is applied, should be known to as few people as possible, as a further step towards safeguarding it. Any information that could identify a patient, such as images or scans, should be encrypted so that the patient cannot be identified.
4] Avoid usage of FTP- Using a public, unprotected channel such as FTP to transfer information should be avoided. Information should be transmitted over a private, protected channel to maintain the security of PHI.
5] Login retry protection- Your application should limit repeated login attempts so that an attacker cannot keep guessing credentials indefinitely.
6] Save time and resources by hosting with a company that has a Business Associate Agreement (BAA) in place- With a BAA and the provider's own compliance documentation already on file, the auditor can work from those documents rather than conducting a fresh audit of the hosting environment. This saves a great deal of time and resources.
7] Mode of access- Any access to sensitive data should go through SSL-protected web-based access. This helps in complying with the HIPAA standards.
8] Remote access- Remote access should only be provided over a VPN.
9] Prepare a disaster recovery plan- A disaster is a dreadful situation, but to face it there should be a proper, documented disaster recovery plan.
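Item 5 above says an application needs login retry protection but does not show what one looks like. The following is an added example, not code from the original article or from any HIPAA guidance: a hypothetical per-account throttle that counts failures in a sliding window, locks the account for an escalating period, and records every event so the auditor can see the control working. The thresholds, the clock injection and the audit_log list are all assumptions made for this illustration.

```python
import time

MAX_FAILURES = 5           # failures inside the window that trigger a lockout (assumed)
WINDOW_SECONDS = 15 * 60   # sliding window in which failures are counted (assumed)
BASE_LOCKOUT_SECONDS = 60  # first lockout length; doubles for each repeat lockout (assumed)


class LoginThrottle:
    """Hypothetical per-account retry protection: sliding-window failure
    count plus escalating lockouts. Written for this page, not from any
    HIPAA guidance or product."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable clock keeps the logic testable
        self._state = {}      # user -> {"failures": [...], "locked_until": t, "lockouts": n}
        self.audit_log = []   # events an auditor would expect to find retained

    def _st(self, user):
        return self._state.setdefault(
            user, {"failures": [], "locked_until": 0.0, "lockouts": 0})

    def _log(self, event, user, ip, **extra):
        fields = " ".join(f"{k}={v}" for k, v in extra.items())
        self.audit_log.append(f"{self._clock():.0f} {event} user={user} ip={ip} {fields}".strip())

    def is_locked(self, user):
        return self._clock() < self._st(user)["locked_until"]

    def attempt(self, user, ip, password_ok):
        """Return True only when the account is unlocked AND the password verified.
        A locked account is rejected even if the password is correct."""
        now, st = self._clock(), self._st(user)
        if now < st["locked_until"]:
            self._log("AUTH_REJECTED_LOCKED", user, ip)
            return False
        if password_ok:
            st["failures"].clear()
            st["lockouts"] = 0            # a genuine login resets the backoff
            self._log("AUTH_OK", user, ip)
            return True
        # drop failures that fell out of the window, then count this one
        st["failures"] = [t for t in st["failures"] if now - t < WINDOW_SECONDS]
        st["failures"].append(now)
        self._log("AUTH_FAIL", user, ip, recent=len(st["failures"]))
        if len(st["failures"]) >= MAX_FAILURES:
            st["lockouts"] += 1
            duration = BASE_LOCKOUT_SECONDS * 2 ** (st["lockouts"] - 1)
            st["locked_until"] = now + duration
            st["failures"].clear()
            self._log("ACCOUNT_LOCKED", user, ip, seconds=duration)
        return False
```

In a real deployment the state would live in a shared store rather than a dict so that all application servers enforce the same lockout, and the audit_log entries would go to the retained security log the auditor reviews.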
As a health care organization handling PHI, you are liable for maintaining the confidentiality of that information. Your IT department can provide the technology used to store and transmit patient information, but you alone are accountable for successful compliance with the HIPAA standards.