How to follow HIPAA Compliance Regulations with your IT System


Forbes Magazine stated that in 2015 alone, more than 250 million healthcare breaches occurred, which affected more than 500 individuals, according to the Office of Civil Rights under Health and Human Services’ 2015 report.

HIPAA requires that these numbers be published annually to keep the public notified of the enormity of the breaches. All violators’ names are published in what is known as Healthcare’s Wall of Shame.

Alarmingly, four of the top ten breaches occurred on individual physicians’ desktop computers. To help your medical office follow HIPAA regulations, secure your patient data, and prevent health records from being stolen, lost or inappropriately disclosed, follow these rules:

Require strongly encrypted, secure software on every electronic device that may hold patient data or confidential information. Don’t allow emails to be sent without encryption, either within your office or externally. If patient information will be included in an email, require that all employees put an encryption keyword in the subject line of the email. Require employees to enter a password before they can access their computers, and additional passwords for email and EMR usage.

All of your computers will require passwords, but add an additional level of security by using an administrative password that your expert IT support team will hold. (You and perhaps your office manager will know this password.) When ancillary providers, such as laboratories, need to install software on your computers to give you access to lab reports, ask your IT team to remotely log in to your network to give access to the providers, instead of allowing a staff member to type the administrative password. As more providers begin to share health informatics with each other, this becomes even more important.

According to Becker’s Hospital Review, one in three health records will be compromised in 2016. Because cutting-edge protection can tell physicians which employees have illegally accessed the data, physicians are able to take appropriate measures, such as immediately terminating those employees. Require your employees to sign confidentiality agreements, acknowledging that they will be fired if they view or share patient data. This is especially important for physicians and hospitals that have celebrities as patients; movie and television stars’ patient records have been rumored to have been sold to magazines and gossip sites.

Regardless of who the patients are, “all healthcare data is really valuable from a cyber criminal standpoint. It could be 5, 10 or even 50 times more valuable than other forms of data,” said Lynne Dunbrack, research vice president for IDC’s Health Insights. Healthcare records often have Social Security and credit card numbers that get stolen, but the numbers are also used by criminals to file fraudulent medical claims and to get prescriptions filled, allowing them to resell the pharmaceuticals on the street.

To further prevent security breaches from occurring on your network, use advanced system protection, such as frequent security scans. Your IT system should include strong protection from all forms of viruses and malware, as well as email-borne threats and hackers.