HIPAA Compliant Software - Protecting a Patient's Virtual and Physical Privacy

 

 

HIPAA, the Health Insurance Portability and Accountability Act of 1996, sets guidelines for how medical professionals handle medical records and information. With the advent of electronic records and online medical record databases, HIPAA compliant software must satisfy many EHR security standards to meet those guidelines.


Secure Internet Server: HIPAA compliant software utilizes SSL, or Secure Sockets Layer. When information is protected by SSL, no one but authorized users can access data. Information is not stored unless secured. Modification is not allowed without authorized access, and all changes are logged.


Database Encryption: Information, messages and patient files are encrypted. Encryption transforms readable words into code that cannot be decoded by someone intercepting data.


Secured Admission Controls: User IDs and passwords are set up by an administrator and typically allow only one password change every 30 days. Moreover, password changes may be forced every 30 days to prevent access to secure files by someone who observes a password being entered.


Session Timeouts: Session timeouts are typically set from within the HIPAA compliant software. Timeouts prevent information from sitting idle on a computer screen for passersby to read. Timeouts may be set with narrow time limits of inactivity, such as 30 seconds or less. Longer timeout sessions may be allowed in clinical settings where unauthorized users have no access.
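
A minimal server-side version of the idle timeout described above, as an added example rather than code from any HIPAA product. The zone names and the 600-second limit for restricted clinical areas are assumptions; the 30-second limit is the figure given above.

```python
import secrets
import time
from dataclasses import dataclass

# Idle limits in seconds. 30 s is the figure from the text for screens that
# passersby can read; 600 s for restricted clinical areas is an assumption.
IDLE_LIMITS = {"public_workstation": 30, "restricted_clinical": 600}


@dataclass
class Session:
    user: str
    zone: str
    last_seen: float


class SessionStore:
    """Server-side sessions with a sliding idle timeout per workstation zone."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so the timeout can be tested
        self._sessions = {}

    def login(self, user, zone):
        if zone not in IDLE_LIMITS:
            raise ValueError(f"unknown zone: {zone}")
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        self._sessions[token] = Session(user, zone, self._clock())
        return token

    def authorize(self, token):
        """Return the user for an active session, or None if missing or idle too long."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session.last_seen > IDLE_LIMITS[session.zone]:
            # Expired: drop the server-side state so the token cannot be revived.
            del self._sessions[token]
            return None
        session.last_seen = now             # activity slides the idle window forward
        return session.user
```

Enforcing the limit on the server, rather than only blanking the screen in the client, means an expired token is rejected even if the browser tab is still open.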


Monitoring of Server: Secure Sockets Layer, database encryption, secured admission controls and session timeouts are crucial to the security of patient information and files, but they do not stop hackers from attempting to infiltrate a medical file system. Monitoring should be constantly in place to recognize attempts to break into the system or "smash" the system from an outside source. Security may be in place to shut down access to medical information if a hacker breaches any layer of security.