HIPAA Regulatory Alert: Many are unprepared for April 20 security deadline
Many are unprepared for April 20 security deadline
Many small physician practices had gaps in three key areas as they attempted to meet the April 20 deadline for HIPAA security standards, according to Dallas-based MedSynergies. Many small practices use older practice management software systems that have not been upgraded to comply with HIPAA, says Judi McClain, who supervises HIPAA compliance for MedSynergies.
The three key problems the company has seen in working with physicians in 23 states are:
1. Lack of data backup plan.
In many practices, medical data are backed up on a tape drive connected to the main computer. In some cases, tapes are stored at the provider’s office. The HIPAA security standards call for providers to be able to access data in case of an emergency so operations can continue. Continuing to store backup tapes at the provider’s office is not an option, McClain says. In the ideal situation, providers would back up data at a secure, remote facility.
2. Lack of access controls.
The HIPAA standards require all users of medical information systems at a medical office to have a two-step log-in. Each user must have a unique user ID and secure password. This is similar to the two-step process required for most on-line financial transactions. However, many older practice management systems don’t require a password or allow users to log in with a common shared user name and password.
3. No audit controls.
The new standards require that the office’s practice management software system keep a detailed record of who has logged on to the system and what data they have accessed or changed. This is necessary in case confidential medical data accidentally is transmitted to the wrong address or inappropriately modified.
[For information, contact Christopher Tammen at (972) 791-1206, ext. 1206, or go on-line at www.medsynergies.com.]
Many small physician practices had gaps in three key areas as they attempted to meet the April 20 deadline for HIPAA security standards, according to Dallas-based MedSynergies.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.