Most organizations that offer healthcare services in the United States were affected by the security rules of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Under HIPAA, the United States Department of Health and Human Services (HHS) established a new set of standards for medical records and data security to protect the privacy of a patient’s healthcare information. The HIPAA security rules are classified into three “safeguards”:
1. Organizational policies and procedures—how an organization, agency or other provider handles files, paperwork and patient records, including how long they must be retained
2. Physical security of systems and information—establishing permissions, authorized users, passwords, levels of access, including group and individual account access, and securing the internal network
3. Electronic security of systems and information—backup security and protection of healthcare information if the system malfunctions; establishing secure access to personal healthcare information in emergency situations
HIPAA also requires that a patient’s medical records be retained for at least six years after either the date of creation or the date when last in effect. Retention durations vary by state, and some states may require even longer retention periods. The privacy rules of HIPAA apply only to those listed as “covered entities,” which include individuals, organizations, and agencies that are specifically required to follow the HIPAA security rules. However, whether or not you are a covered entity, the failure to implement proper security can result in harsh consequences for your organization, even including criminal charges.
Electronic document management systems are becoming a popular solution to help those in the healthcare industry work towards complete compliance under HIPAA.
The settings, tools and features within these systems drastically reduce the chance of healthcare information loss or violation of privacy. There are special features that specifically pertain to the three safeguards discussed above. Threats to sensitive information are particularly frequent in the medical industry. Electronic document management helps protect against those threats and the penalties associated with violating HIPAA regulations.