
HIPAA and Healthcare Data Compliance


Access to healthcare can be considered a basic human right, although countries differ widely on which services the state provides and to whom. Privacy is also widely regarded as a basic human right, and the privacy rights individuals actually enjoy vary just as much.

In the UK, British citizens have access to the National Health Service. Formed in 1948, the NHS provides universal healthcare to all, but there is no common law right to privacy, although privacy disputes can usually be resolved in court.

Across the Atlantic in the United States, privacy laws affect how doctors can operate. A doctor who wants to assess how effective treatments are across the country for a particular disease has no automatic right of access to data on patients who are not their own. This is a problem, because sharing patient data helps doctors understand which treatments work best.

One way around this is for doctors to share some of their patient data through a service such as SharePoint, where the data can be accessed by any doctor who is given a login name and password. Access can therefore be made secure. Unfortunately, because access is governed by accounts and groups in the hospital's Active Directory rather than by controls tied to the data itself, it is hard to demonstrate that access to the data is being controlled, and HIPAA requires that this be demonstrable.

Compliance is essential to ensure that both data and systems are properly protected and that data access is restricted to authorized users. The data in scope includes spreadsheets, Word documents and PDF files, together with the on-site and off-site networked storage devices and other networked equipment that hold or transmit it.

Any organization looking to ensure compliance is required to consider the following three areas:

• Control of data access
• Separation of duties
• Auditing to ensure continued compliance

Access control is essential: each user must be given access only to the data they need, with access to everything else restricted. Duties should be separated so that no individual accumulates too much power or knowledge. Audits should then take place to confirm that these controls remain in place and that compliance continues.

Healthcare organizations should have IT departments able to grant or restrict access to databases and SharePoint sites. They must be able to quickly determine who has access to what data and ensure that access to sensitive data is restricted. Viewing, accessing and uploading data to any site or storage facility must also be subject to appropriate security controls.
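The three areas above (data access control, separation of duties and auditing) become concrete when an access review is scripted. The example below is an added illustration, not code from HIPAA Journal or from any SharePoint or Active Directory tooling; the group names, user names, resource names, ACLs, need-to-know statement and conflicting-role pairs are all constructed for the example. It resolves nested groups to work out who can actually reach each file, compares that against the data owners' need-to-know list to find over-privileged users on PHI, flags people holding conflicting roles, and produces the findings as an audit report.

```python
"""Effective-access review for a SharePoint-style document library.

Added example (not from the original article). All directory data, ACLs,
need-to-know entries and role conflicts below are constructed for illustration.
"""
from collections import deque

# Constructed directory: group -> members, where a member may be a user name
# or another group, mirroring nested Active Directory groups.
GROUPS = {
    "Clinicians": {"dr_smith", "dr_jones", "Oncology"},
    "Oncology": {"dr_lee"},
    "IT-Admins": {"it_admin1"},
    "Auditors": {"auditor1", "it_admin1"},
    "Billing": {"clerk1"},
}

# Constructed permission grants: resource -> (sensitivity label, principals
# granted read access). Principals may be groups or individual users.
ACLS = {
    "oncology-outcomes.xlsx": ("PHI", {"Oncology", "IT-Admins"}),
    "treatment-protocols.pdf": ("internal", {"Clinicians"}),
    "billing-q3.xlsx": ("PHI", {"Billing", "Clinicians"}),
}

# Constructed need-to-know statement from the data owners: the groups that
# genuinely require each PHI resource. Anyone else with access is over-privileged.
NEED_TO_KNOW = {
    "oncology-outcomes.xlsx": {"Oncology"},
    "billing-q3.xlsx": {"Billing"},
}

# Constructed separation-of-duties rule: role pairs one person must not hold.
SOD_CONFLICTS = [("IT-Admins", "Auditors")]


def expand_group(group, groups=GROUPS):
    """Users reachable from `group` through nested membership (cycle-safe)."""
    users, seen, queue = set(), {group}, deque([group])
    while queue:
        for member in groups.get(queue.popleft(), ()):
            if member in groups:
                if member not in seen:
                    seen.add(member)
                    queue.append(member)
            else:
                users.add(member)
    return users


def resolve(principals, groups=GROUPS):
    """Flatten a mix of groups and individual users into a set of users."""
    users = set()
    for p in principals:
        users |= expand_group(p, groups) if p in groups else {p}
    return users


def effective_access(acls=ACLS, groups=GROUPS):
    """resource -> users who can actually read it once nested groups expand."""
    return {name: resolve(principals, groups) for name, (_, principals) in acls.items()}


def over_privileged(acls=ACLS, need=NEED_TO_KNOW, groups=GROUPS):
    """For each PHI resource, users with access who are in no need-to-know group."""
    findings = {}
    for name, users in effective_access(acls, groups).items():
        if acls[name][0] != "PHI":
            continue
        extra = users - resolve(need.get(name, set()), groups)
        if extra:
            findings[name] = extra
    return findings


def sod_violations(conflicts=SOD_CONFLICTS, groups=GROUPS):
    """Users who hold both roles of a conflicting pair."""
    out = {}
    for a, b in conflicts:
        both = expand_group(a, groups) & expand_group(b, groups)
        if both:
            out[(a, b)] = both
    return out


def audit_report(acls=ACLS, need=NEED_TO_KNOW, conflicts=SOD_CONFLICTS, groups=GROUPS):
    """Findings as plain lines, suitable for attaching to a periodic access review."""
    lines = []
    for name, extra in sorted(over_privileged(acls, need, groups).items()):
        lines.append(f"OVER-PRIVILEGED {name}: {', '.join(sorted(extra))}")
    for (a, b), users in sorted(sod_violations(conflicts, groups).items()):
        lines.append(f"SOD-CONFLICT {a}+{b}: {', '.join(sorted(users))}")
    return lines


if __name__ == "__main__":
    for res, users in sorted(effective_access().items()):
        print(f"{res}: {', '.join(sorted(users))}")
    print(*audit_report(), sep="\n")
```

Two findings come out of the constructed data: the clinicians' group, granted to a billing file for convenience, gives three doctors PHI they have no stated need for, and an IT administrator who is also an auditor can both grant access and sign off on the review of it. Against a real directory the same logic would be fed by an export of group membership and site permissions rather than the inline dictionaries.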

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.
