Saturday, October 22, 2011

Medical Web Forms Must Be Designed To Conform To The HIPAA Requirements by Jim Peterson

One of the many responsibilities of a business is to keep data secure, especially personal information. With so much information being sent from place to place through paper and digital documents, there are frequent opportunities for loss of information or breaches of security. As a business it is necessary to keep information safe and follow the HIPAA requirements. Failure to comply with HIPAA can result in stiff penalties as well as ruin your reputation as a business. That is why being certain of your legal privacy responsibilities is essential.

Medical web forms are no exception to HIPAA. They must be designed in accordance with HIPAA. Confidentiality of information must be respected. Protected Health Information (PHI) has a specific rule for electronic information (EPHI): the Security Rule. The Security Rule contains three kinds of safeguards: administrative, physical and technical. Physical safeguards should be implemented at the clinic before the web form is created, as information is not safe unless the workspace is already secure and EPHI friendly.

Administrative safeguards ensure that policies and procedures are in place. Responsibilities such as limiting access to EPHI to only those who require it to do their job, and creating a written set of privacy procedures, must be fulfilled. A contingency plan must be in place for backing up and recovering information, as well as procedures for handling and responding to security violations.

Technical safeguards control access to computer systems and protect PHI sent over open networks. Encryption should be used when sending information over open networks to prevent interception by anyone other than the intended recipient. Data corroboration, such as double-keying or password systems, should be used for authentication or to ensure data integrity. Documented risk analysis and risk management are required to understand possible risks and comply with the act.

Patient data should be kept secure through these procedures. Procedures should ensure that patient information has not been changed or erased without authorization. Web forms should include security features to ensure that data is not sent between the patient and the clinic unprotected. Policies concerning staff rights of access to private information should be in place.
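The technical safeguards named above (protected transport, authentication and access limits, integrity of stored EPHI, and an audit trail) can be illustrated in a small form-handling back end. The following is an added example written for this page, not code from the original article or from any particular clinic system; the `INTEGRITY_KEY`, the `ROLE_CAN_READ_EPHI` role table, the request shape and the in-memory `AUDIT_LOG` are all constructed assumptions so that it runs offline.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone
from typing import Optional

# Hypothetical per-deployment key used to tag stored records. In a real
# deployment it would come from a key store, never from source code;
# it is generated here only so the example is self-contained.
INTEGRITY_KEY = secrets.token_bytes(32)

# Hypothetical role table: which staff roles may read submitted EPHI.
# This is the "limit access to those who need it" administrative rule
# expressed as a technical check.
ROLE_CAN_READ_EPHI = {"clinician": True, "billing": True, "receptionist": False}

# Stand-in for an append-only audit store (constructed for the example).
AUDIT_LOG = []


def audit(event: str, actor: str, detail: str) -> None:
    """Record who did what and when. Entries deliberately carry no PHI,
    so reviewing the audit log does not widen EPHI exposure."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": event,
        "actor": actor,
        "detail": detail,
    })


def seal_record(record: dict) -> dict:
    """Attach an HMAC-SHA256 tag so any later change to the stored
    record (edit or partial erasure) is detectable on read."""
    body = json.dumps(record, sort_keys=True).encode()
    tag = hmac.new(INTEGRITY_KEY, body, hashlib.sha256).hexdigest()
    return {"body": record, "tag": tag}


def verify_record(sealed: dict) -> bool:
    """Recompute the tag and compare in constant time."""
    body = json.dumps(sealed["body"], sort_keys=True).encode()
    expected = hmac.new(INTEGRITY_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def accept_submission(request: dict) -> Optional[dict]:
    """Handle one form post. Submissions that did not arrive over an
    encrypted channel are refused and logged rather than stored."""
    if request.get("scheme") != "https":
        audit("submission_rejected", actor="web-form", detail="plaintext transport")
        return None
    sealed = seal_record(request["form"])
    audit("submission_stored", actor="web-form", detail=sealed["tag"][:12])
    return sealed


def read_record(sealed: dict, user_role: str, user_id: str) -> Optional[dict]:
    """Release a stored record only to an authorised role, and only if
    its integrity tag still matches; every outcome is audited."""
    if not ROLE_CAN_READ_EPHI.get(user_role, False):
        audit("access_denied", actor=user_id, detail=user_role)
        return None
    if not verify_record(sealed):
        audit("integrity_failure", actor=user_id, detail=sealed["tag"][:12])
        return None
    audit("access_granted", actor=user_id, detail=user_role)
    return sealed["body"]


if __name__ == "__main__":
    # Constructed sample submission; the values are placeholders.
    stored = accept_submission({"scheme": "https",
                                "form": {"patient_id": "P-0001", "reason": "checkup"}})
    accept_submission({"scheme": "http", "form": {"patient_id": "P-0002"}})
    read_record(stored, "receptionist", "user-17")
    read_record(stored, "clinician", "user-42")
    for entry in AUDIT_LOG:
        print(entry["ts"], entry["event"], entry["actor"], entry["detail"])
```

The transport check stands in for whatever the real web server enforces (TLS-only listeners, redirects from plain HTTP); the point is that a form handler should refuse, not silently accept, anything that reached it unprotected. The integrity tag addresses the "not changed or erased without authorization" requirement, and the audit entries give the routine and event-based internal audits something to review.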

Documentation of HIPAA practices should be available to the government. Web forms should be designed to send information in encrypted form to reduce the risk of security breaches. Routine and event-based internal audits should be in place to prevent potential violations. Options for alternate information in web forms should be given to ensure the confidentiality of individuals' communications.

Before a medical web form is designed for a business, the HIPAA requirements must be completely reviewed so that the form does not violate any of the EPHI security rules.

Security measures must be set up before the web form is available for use. Patient information is entirely confidential, and it is unlawful to allow any breach of security.