HIPAA Compliance Guide

To join the Medical HIPAA team, please watch the following video.

Video Transcript

Welcome to the HIPAA for TranscribeMe Compliance Training. This video will describe the ways in which we must and do comply with HIPAA standards.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is a federal law which required the creation of standards to protect patient health information from being disclosed without the patient's knowledge or consent.

To stay HIPAA compliant you must follow certain practices, and HIPAA also sets legal requirements for how you will be provided with regular information security and privacy training, along with ongoing awareness communications. Understanding and practicing good security and privacy habits at home and away from an office is important. These habits also protect your own information and that of your family and friends.

Passwords & Computer Security Tips

Passwords are required pretty much for everything these days. It is important to make sure you use strong passwords to stay HIPAA compliant.

Here are some tips for creating and using strong passwords:

Strong Passwords
  • Do not use words that can be found in any dictionary of any language.
  • Do not use passwords based on personal information such as pet names, addresses, or date of birth.
  • Use both lowercase and uppercase letters with numbers and special characters.
  • Use different passwords on different systems.
  • Do not use the same password for accessing your financial information like bank or credit card, email, work system, and social media.
  • Change passwords if you suspect others may have discovered them.

Computer & Cybersecurity
  • Always use up-to-date security software to protect your computing and storage devices from malicious software.
  • Encrypt data so that others cannot read it if they steal or find your computer or storage device.
  • Use a personal firewall on your computer to block malicious code and the ongoing attempts to get into your system.
  • When installing your system, answer Yes when the software vendor asks whether to enable automatic updates.
  • Make sure that your computer applications are patched and protected against well-known threats.

Protecting Data

Privacy breaches often occur because data is not stored securely. Your data must be protected both physically and digitally, which includes encrypting data on computing devices such as laptops, mobile phones, electronic storage devices, smartphones, tablets, and so on.

Do not store sensitive data on online storage sites such as cloud computing services.

Do not use public computers to do anything involving personal or other sensitive information.

Newer desktop and laptop computers often ship with wireless transmission enabled by default, and smartphones, tablets, and even cars and home appliances have wireless data communication capabilities. These wireless networks also typically come with no security enabled. Therefore, you must ensure that every wireless network you use is encrypted, both your business wireless network and your home wireless network.

In order to keep your data protected, you must practice these seven things:

Protecting Your Data
  1. Use and protect unique passwords
  2. Follow effective systems and data security practices
  3. Securely store information
  4. Make sure any electronic messaging is secure
  5. Learn safe practices online
  6. Secure your work area
  7. Protect your wireless connection

Social Media and Networking: Maintaining HIPAA compliance and protecting PHI

Now we are going to cover general security and privacy actions you need to follow in order to protect data and remain HIPAA compliant while using social media and networking sites. More individuals and organizations are using social media than ever before, including the medical community. We need to be aware of any information shared on these sites; otherwise, large penalties can be imposed.

Remember, just like Mama told you, anything posted online could potentially be there forever. A patient is free to post their personal data on social media, as they are agreeing to share their information online themselves. This does not mean we can post their information. All covered entities and/or business associates have to consider the content of any information they post regarding patients. Examples of HIPAA breaches include an insurance agent who used Instagram to share claims information and a doctor who asked a patient on a date after seeing her profile on a dating site.

There is an increasing number of scams targeting social media users, as it can be quite easy to gather information from personal posts. These include cybercrime such as spear phishing, social engineering, spoofing, malware, keyloggers, and denial of service.

What is PHI?

PHI stands for Protected Health Information: information protected under the law that must not be shared without the informed consent of the patient. HIPAA defines PHI through a specific list of identifiers.

The 19 identifiers that make health information PHI are:

PHI Identifiers
  1. Names
  2. ZIP codes
  3. Dates (except for the year)
  4. Telephone numbers
  5. Geographic data
  6. Fax numbers
  7. Social Security numbers
  8. Email addresses
  9. Medical record numbers
  10. Account numbers
  11. Health plan beneficiary numbers
  12. Certificate and license numbers
  13. Vehicle identifiers and serial numbers, including license plates
  14. Web URLs
  15. Device identifiers and serial numbers
  16. Internet protocol (IP) addresses
  17. Full-face photos and comparable images
  18. Biometric identifiers such as retinal scan or fingerprints
  19. Any unique identifying number or code

You should never share any of these online, as doing so violates HIPAA.
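As an added example (not part of the TranscribeMe training or its systems), the Python scanner below flags the identifier types from the list above that have a recognisable shape in a constructed transcript snippet and redacts them; it assumes nothing beyond the standard library, and the sample text and the MRN/SSN/phone values in it are made up. The caveat it illustrates is that names, geographic data, photos and biometrics have no pattern, so an automated check narrows the work of a human reviewer rather than replacing it.

```python
import re

# Constructed sample transcript for this example (not a real patient record).
TRANSCRIPT = """\
Doctor: The patient, Jane Doe, was seen on 03/14/2023 for follow-up.
Nurse: Her MRN is 48213 and her SSN was given as 123-45-6789.
Doctor: Call her back at (555) 010-4477 or email jane.doe@example.com.
Nurse: She moved; the new ZIP is 90210. Portal login came from 10.0.0.25.
Doctor: Lab results are at https://labs.example.org/results/77 for 2023.
"""

# Identifier types from the PHI list that have a recognisable shape, in priority
# order (an earlier pattern claims a span first). Names, geographic data, photos
# and biometrics have no pattern and still need a human reviewer.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # group 1 is the number; the "MRN is" lead-in is left in place
    "record_number": re.compile(
        r"\b(?:MRN|medical record number|account number)\b\D{0,8}(\d{4,})\b", re.I),
    "phone": re.compile(r"(?<!\w)(?:\(\d{3}\)\s?|\d{3}[-.\s])\d{3}[-.\s]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "url": re.compile(r"\b(?:https?://|www\.)[^\s]+[^\s.,;)]", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "date": re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"),  # a bare year is not PHI
    "zip": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
}

def find_phi(text):
    """Return (label, value, start, end) hits in text order, one hit per span."""
    taken, hits = [], []
    for label, pattern in PHI_PATTERNS.items():
        for m in pattern.finditer(text):
            start, end = m.span(1) if m.lastindex else m.span()
            # skip spans a higher-priority pattern already claimed, otherwise the
            # five digits of the MRN would also be reported as a ZIP code
            if any(start < e and end > s for s, e in taken):
                continue
            taken.append((start, end))
            hits.append((label, text[start:end], start, end))
    return sorted(hits, key=lambda h: h[2])

def redact(text):
    """Replace each detected identifier with a [LABEL] placeholder."""
    hits, out, pos = find_phi(text), [], 0
    for label, _, start, end in hits:
        out.append(text[pos:start] + f"[{label.upper()}]")
        pos = end
    out.append(text[pos:])
    return "".join(out), hits
```

Running `redact(TRANSCRIPT)` leaves "Jane Doe" and the bare year untouched, which is exactly the part of the list a reviewer must still read for.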

Protecting PHI

All covered entities and business associates are required to protect PHI. Many business associates believe that PHI covers data involving treatment only. In fact, it also covers data for payment activities and for operations such as supporting communications.

To reiterate, a patient or insured can post their own patient information onto a social media site. You cannot post that same information. All business associates and covered entities must follow all HIPAA security rules and HITECH Act requirements. Penalties for violating HIPAA by posting PHI online could potentially cost $1.5 million per violation.

While using social networks, do not post about coworkers, patients, customers, or even details about your work. Do not sync work computing devices with personal devices, which may be used to post to social networks. You could accidentally post PHI from work to a social network, especially if you have mobile apps on those devices.

In Summary
  • Learn, follow, and remember information security and privacy policies for social media use.
  • Do not post any PHI to any social media site.
  • Separate personal and professional social networking sites, profiles, and email accounts.
  • Report HIPAA violations or noncompliant behavior to the appropriate authorities.

This concludes the TranscribeMe HIPAA Compliance Training video. We hope you enjoyed the video while learning everything you need to know to be HIPAA compliant at TranscribeMe.
