Data Protection, Backup, and Recovery

Protect Your Communications with a HIPAA Security Rule Checklist

HIPAA Security Rule checklist

As HIPAA compliant businesses, it is the duty of all dental practitioners to safeguard protected health information (PHI) and electronic PHI (ePHI) at all times – meaning HIPAA compliant file sharing solutions must be in place to comply with the HIPAA Security Rule. The HIPAA Security Rule is an extensive piece of legislation that can be a real challenge to come to grips with. To ensure you’ve got all the bases covered, a HIPAA Security Rule checklist will prove an invaluable document that you can refer to periodically to make sure you remain compliant.

What Does the HIPAA Security Rule Entail?

The HIPAA Security Rule outlines the standards and safeguards that must be applied in order to protect electronically created, processed, and stored ePHI – both at rest and in transit. The Rule applies to any HIPAA-covered entity or business associate (including healthcare organizations, health plans, and clearinghouses) that has access to ePHI. The HIPAA Security Rule is made up of three parts – technical safeguards, physical safeguards, and administrative safeguards – which together form the HIPAA Security Standards.

HIPAA Security Rule checklist

(Image source: hhs.gov)

What About the HIPAA Privacy Rule?

The HIPAA Privacy Rule also applies to covered entities and their business associates. It establishes standards for usage and disclosure of PHI (electronic, or otherwise), as well as the rights of individuals regarding their own PHI and ePHI. In essence, the HIPAA Privacy Rule is designed to regulate who can have access to PHI, the circumstances in which it can be used, and who it can be shared with. In addition, the HIPAA Privacy Rule establishes what constitutes as individually identifiable health information, or PHI. Put simply, any individual identifier (such as a name, address, telephone number, etc.) that is stored in combination with that individual’s health information constitutes PHI.

HIPAA Security Rule checklist

(Image source: totalhipaa.com)

HIPAA Compliance and File Sharing

While the Privacy Rule regulates the privacy of individually identifiable health information and who that information can be disclosed to, the Security Rule defines how the information is stored on electronic media and transmitted between digital devices. In other words, the Security Rule is designed to complement and operationalize the Privacy Rule. As the US Department of Health and Human Services (HHS) puts it: “The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called ‘covered entities’ must put in place to secure individuals’ ‘electronic protected health information’ (ePHI).”

So, what does all this mean when it comes to sharing files that contain ePHI with patients, colleagues, and partners? Corresponding by email or text is of course common practice in today’s health care world. What this means, however, is that secure file sharing must become an essential practice for dental practitioners if they are to achieve total HIPAA compliance.

Your HIPAA Security Rule Checklist

While the HIPAA Security Rule does not expressly prohibit the use of either email or text to transmit ePHI, there are nonetheless certain practices that must be followed to do so securely and in accordance with HIPAA. To make sure you’re following the Security Rule to the letter, we have created a handy HIPAA Security Rule Checklist covering the key technical and administrative safeguards you need to have in place when communicating and sharing files electronically.

The HIPAA compliance checklist covers internal communications, as well those with external parties, including patients. Key elements include:

  • Are you using encryption technology when sharing ePHI?
  • Do you have procedures in place to alert patients to the risks of transmitting ePHI without encryption technology using a standard Duty to Warn?
  • Do you have an alternative secure and encrypted method of providing information to colleagues, partners, and patients?

Download the full HIPAA Security Rule Checklist to get total peace of mind that you are entirely HIPAA compliant when sharing ePHI.

New call-to-action

Ensuring HIPAA Compliance When Sending and Receiving ePHI

One of the most important requirements to ensure HIPAA compliance is that your communications and files are adequately encrypted both at rest and in transit. The only way to do this is with Encrypted Sharing tools. As the name implies, Encrypted Sharing applications encrypt files in real-time when sent or being stored. Encryption ensures files are protected against the constant threat of data breaches that plague the health care industry.

At Central Data Storage (CDS), our Encrypted Sharing solution encrypts not only email communications, but instant messaging communications and any files attached to those messages as well. In addition, our easy-to-use encrypted file sharing mobile and desktop apps come with robust access controls and audit controls – both of which are equally crucial for full HIPAA compliance.

With beyond-military-grade encryption, our encrypted file transfer solutions give you:

  • The ability to collaborate with anyone
  • Full accessibility to the files you need from anywhere
  • Full protection of ePHI in accordance with HIPAA Rules

More than just a software provider, at CDS we work with our clients as true partners – helping them conduct a full risk analysis of all their data and guiding them through best practices on developing, implementing, and updating HIPAA policies.

Download your free HIPAA Security Rule Checklist to make sure you’re in full compliance with HIPAA. You can also talk to us here at Central Data Storage anytime to discuss your data storage and file sharing needs.
Call 1-888-907-1227, email
info@centraldatastorage.com, or start your Encrypted Sharing Free Trial today

A penny for your thoughts...

This site uses Akismet to reduce spam. Learn how your comment data is processed.