The purpose of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. Today healthcare organizations must collect data. Otherwise, it is impossible to render needed or desired services in a consistent, scalable manner.
Modern healthcare offices, hospitals, and clinics now leverage technology EHR (Electronic Health Records) to streamline data capture, storage, and hand-off improving access to patient data. This access allows for real-time accessibility of the most current patient information and files improving operational efficiency, quality of care, and positioning for patient experience optimization.
REquirements for CompliaNce to Security Rule
According to the U.S. Department of Health & Human Services website, there are four general rules that "covered" entities must comply with to avoid penalties and fines. First is to ensure the confidentiality, integrity, and availability of all e-PHI (Electronic Protected Healthcare Information) they create, receive, maintain or transmit. Second is to actively identify and protect against reasonably anticipated threats to the security or integrity of the protected information. The third is to protect against reasonably anticipated, impermissible uses or disclosures. Fourth is to ensure compliance by their workforce.
For HR to successfully comply with HIPPA security policies and procedure compliance, there are arguably six tenants that must have active management. Of course, the best practice is first to minimally employ an HR expert to audit and inform against the effectiveness of the HIPPA compliance program.
HIPPA Security Policies and Procedures HR Compliance Tenants
- Proactive and Timely amendment of Business Associate Agreements and HIPPA compliance plan documents
- Selection and redundancy around a role responsible for HIPPA Security
- Access control to e-PHI
- Development and implementation Written Policies specific to HIPPA security compliance requirements
- Security awareness training for all staff
- Contingency planning
pinnaclesolveshr is well versed in coming alongside organizations to mitigate HR risk in all areas, not just HIPPA compliance. We exist to deliver simplification by cost-effectively removing the HR burden. We solve HR so you can run your business.
Download our HR Compliance 2017 Guide