HIPAA, or the Health Insurance Portability and Accountability Act of 1996, establishes guidelines for medical professionals handling medical records and information. With the rise of electronic records and online medical databases, HIPAA-compliant software must adhere to stringent Electronic Health Record (EHR) security standards to meet HIPAA Security Rule guidelines [1].

Secure Internet Server
HIPAA-compliant software employs SSL (Secure Sockets Layer, today implemented as its successor TLS) to protect data in transit so that only authorized users can access it. Information is stored securely, modifications require authorized access, and all changes are logged.
Database Encryption
Patient files, messages, and other information are encrypted, transforming readable data into code that cannot be deciphered by unauthorized individuals intercepting the data.
Secured Admission Controls
User IDs and passwords are managed by an administrator, who typically allows password changes only once every 30 days. In some cases, password updates may be mandated every 30 days to prevent unauthorized access by someone who has observed a password being entered.
Session Timeouts
HIPAA-compliant software includes session timeouts to prevent information from being left visible on a computer screen. Automatic log-off requirements [2] ensure that users are logged out after periods of inactivity. Timeouts can be set for short periods, such as 30 seconds or less. In clinical settings with restricted access, longer timeout sessions may be permitted.
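To make the auto-logoff rule concrete, here is an added example (not code from the article or from any HIPAA product) of a server-side session manager that enforces per-zone inactivity limits and records every automatic log-off in an audit trail. The zone names, the 30 s and 600 s limits, and the token and user values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Idle limit in seconds per workstation zone (constructed values: the article
# cites "30 seconds or less" for exposed screens, longer in restricted areas).
IDLE_LIMITS = {"shared": 30, "restricted_clinical": 600}

@dataclass
class Session:
    user_id: str
    zone: str
    last_activity: float  # seconds on whatever clock the caller uses

class SessionManager:
    def __init__(self) -> None:
        self.sessions: dict = {}
        self.audit_log: list = []  # (time, user_id, event) tuples

    def login(self, token: str, user_id: str, zone: str, now: float) -> None:
        if zone not in IDLE_LIMITS:
            raise ValueError(f"unknown zone: {zone}")
        self.sessions[token] = Session(user_id, zone, now)
        self.audit_log.append((now, user_id, "login"))

    def _expire(self, token: str, now: float) -> None:
        s = self.sessions.pop(token)
        self.audit_log.append((now, s.user_id, "auto_logoff"))

    def validate(self, token: str, now: float) -> Optional[Session]:
        """Return the live session for a request, or None if it lapsed. A request
        after the idle limit ends the session (and logs it) instead of reviving it."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if now - s.last_activity > IDLE_LIMITS[s.zone]:
            self._expire(token, now)
            return None
        s.last_activity = now
        return s

    def sweep(self, now: float) -> list:
        """Expire idle sessions that never sent another request (call periodically).
        The client must still lock the display itself; server-side expiry cannot."""
        expired = [t for t, s in self.sessions.items()
                   if now - s.last_activity > IDLE_LIMITS[s.zone]]
        for t in expired:
            self._expire(t, now)
        return expired
```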
Monitoring of Server
While SSL/TLS, database encryption, secured admission controls, and session timeouts are essential for protecting patient information, they do not eliminate the risk of hacking attempts. Continuous monitoring is critical to detect infiltration attempts. Under the HITECH Act [4], business associates are now directly liable [3] for ensuring patient data security, making robust oversight mandatory. Universities, such as the University of Wisconsin–Milwaukee [5], also provide guidance on translating HIPAA security standards into technical workflows.
References
- [1] HIPAA Security Rule – Technical Safeguards (HHS.gov PDF)
- [2] HIPAA Compliance: Session Timeout Rules (Censinet)
- [3] Direct Liability of Business Associates (HHS.gov Fact Sheet)
- [4] HITECH Act – Overview (Wikipedia)
- [5] HIPAA Security Guidelines (University of Wisconsin–Milwaukee)