Effective Date: January 1, 2008
HIPAA (Health Information Portability and Accountability Act) is a federal law that protects health information. Federal standards are now in place that ensure patients have access to their own medical records while adding new responsibilities to those charged with protecting this information.
For those in the business of providing access to information, these regulations are the proverbial double-edged sword. If patients now have expanded access to their own medical data, the quickest, cheapest and most convenient way to provide this information is electronically through the internet. So those involved in designing web applications and hosting web sites can expect to see new HIPAA-related opportunities. However, with these new opportunities come new responsibilities. The security provisions detailed in HIPAA are exacting. Working within the scope of HIPAA places an onus on web designers to ensure that potentially sensitive medical information is kept private.
In order to comply with HIPAA, we have created specific policies and procedures, and have reviewed them with HIPAA experts for completeness and applicability. These policies range from login and password procedures to disaster recovery plans. We have made every effort to ensure your data is safe and secure under our supervision, and we review our practices on a regular basis to ensure this in the future.
If either of these rights is not adequately provided for, patients now have the right to lodge complaints and force those in possession of this data to make it available to them. Conversely, if patients find out their information was accessed by parties who should not have access to it, patients now have the right to demand both civil and criminal penalties under the Privacy Rule.
In this context, the benefits of providing protected information through the web are obvious. Compared to the cost of patients going through medical personnel to gain access to their records, direct access through the internet is a far cheaper solution in the long run. Also, storing and transmitting this data electronically provides a simpler means of monitoring who has access to protected information.
HIPAA Security Rules
Each section must have defined procedures that ensure medical data is protected. For HIPAA-compliant web designers and web-hosting providers, the implications of this rule are immense. HIPAA entities looking for secure solutions need to ensure the applications they choose to employ meet the security demands defined in the rule.
HIPAA entities must also make sure that those companies they work closely with follow these safeguards themselves. As a vendor or partner to HIPAA entities, those companies charged with providing web-enabled solutions must ensure that the business practices they employ will stand up to the scrutiny of the HIPAA security rule.