Technology, Healthcare and HIPAA – Protecting Data and Meeting Standards

To meeting the challenge of information security in regards to technology the Healthcare Industry looks to adhere to HIPAA and HITECH Act standards. Both acts outline the specific security standards, listed in the Privacy and Security Rules, which must be taken when developing software that will house public information that must remain safe, secure and private. The security standards are divided into the categories of administrative, physical, and technical safeguards. Regulatory definitions of the safeguards can be found in the Security Rule at 45 CFR § 164.304.[1]

  • Administrative safeguards: In general, these are the administrative functions that should be implemented to meet the security standards. These include assignment or delegation of security responsibility to an individual and security training requirements. (For more information, see 45 CFR § 164.308 and paper 2 of this series titled “Security Standards – Administrative Safeguards”.)
  • Physical safeguards: In general, these are the mechanisms required to protect electronic systems, equipment and the data they hold, from threats, environmental hazards and unauthorized intrusion. They include restricting access to electronic personal healthcare information (EPHI) and retaining off site computer backups. (For more information, see 45 CFR § 164.310 and paper 3 “Security Standards – Physical Safeguards”.)
  • Technical safeguards: In general, these are primarily the automated processes used to protect data and control access to data. They include using NOTE: The security standards do not dictate or specify the use of specific technologies. Volume 2 /Paper 1 9 11/2004:rev. 3/2007 1 Security 101 for Covered Entities authentication controls to verify that the person signing onto a computer is authorized to access that EPHI, or encrypting and decrypting data as it is being stored and/or transmitted. (For more information, see 45 CFR § 164.312 and paper 4 “Security Standards – Technical Safeguards”.)

Healthcare and Medical Industries are now addressing the issue of data storage. Storing protected data in the cloud looks to be the solution and the next big step in the reform of healthcare, with the caveat of keeping the data secure. Again, HIPAA and HITECH play a major role for cloud vendors handling EPHI to ensure security. Also, it must be taken into consideration that most security breaches are due to the negligence of employees, the security of cloud migration will greatly depend on healthcare providers and clients taking the responsibility to implement policies and procedures that strengthen physical and logical security in their data environment.[2]

Finally, the topic of facilitating and linking reimbursement or payments for healthcare services rendered. The solution to this challenge is a fee-for-service system, which is a way for physicians to get paid not on “productivity,” but on metrics that measure value. According to the Healthcare Financial Management Association these metrics could include readmission rates, clinical quality, efficiency, use of EHRs, and patient satisfaction. The task for healthcare providers then changes ensuring internal systems are able to share data, as well as automate end-to-end processes as much as possible, both to increase efficiency and allow providers to redeploy staff and reduce costs.[3] Given this movement data analytics is going to become of the utmost importance.

Tiempo Development utilizes Agile Methodologies to develop customized software-enabled solutions for its clients in the Healthcare Industry. Our software engineers are all experienced in and attain certifications to develop HIPAA compliant solutions, from databases to web applications. Check out our whitepaper, “The Medical Software Evolution,” to learn more about creating HIPAA compliant software!

[1] “HIPPA Security Series – Security 101 for Covered Entities”

[2] Nicole Lewis, “Health Care Is Increasingly Moving to the Cloud, but How Does Security Stack Up?”

[3] Chris Nerney, “5 steps for shifting to value-based reimbursement in healthcare Analytics, analytics and more analytics”.