Where Are You on HIPAA Compliance?

Electronic Health Records for HIPAAHealthcare information and the push to adopt Electronic Health Records by 2014 can be very intimidating.  The Medicare and Medicaid programs provide incentives to eligible professionals, hospitals and critical access hospitals as they adopt, implement, upgrade or demonstrate meaningful use of certified Electronic Health Record (EHR) technology.  For many healthcare professionals, this is a daunting and scary proposal.  Firstly, it can change the way a practice is conducted.  Secondly, the cloud or internet can be a very confusing place.  The prevailing notion of the cloud is that is it an unsafe place over which you, as a user, have no control.


Healthcare software companies can help professionals and hospitals through this.  Find a solution provider that can deliver the services that you need, not simply the one that they want to sell to you.  As with any industry where privacy and security are paramount, you should insist that within a cloud-based, multi-tenant service, you have all of the transparency that you want for:

  • Control of your systems and data
  • Integrity of your systems and data
  • Availability of your systems and data

This can be delivered in a variety of ways but all must be verifiable and compliant.  While the concept of compartmentalization might be new to some, the defense and government industries have been using it for years.  Simply put, this means that data are to be placed in classification buckets or compartments and people, by means of their background and job function, have access to the compartments needed by them.  As important, this concept ensures that those with no need to access a certain compartment do not have access to that.

As you determine how you are to adopt EHR, keep these values at top of mind.  When these criteria are met and your business objectives are achieved, you will be sitting pretty in the HIPAA, HITECH and EHR world.

Image credit: The National Guard

Jeff Reich, Layered Tech Chief Risk OfficerAbout the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO+Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.

Comments are currently closed.