HIPAA highly regulates access to health information, even in a home office.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is enforced by the Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services. Record storage in a home office, just as in a large corporation, follows specific standards under the Security Rule to ensure information is kept confidential. These standards can be classified as administrative, physical, or technical safeguards.
Administrative Safeguards
The OCR's Security Rule defines administrative safeguards as "administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic (or written) protected health information (PHI)." Policies and procedures are required to prevent and correct breaches in the unauthorized use of PHI. A designated person to develop and monitor the security policies is also required. Another administrative safeguard is to ensure that only appropriate people have access to PHI. A person without a need to use another person's health information, such as a spouse or child, does not have access.
Physical Safeguards
The OCR's Security Rule defines physical safeguards as "physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion." Policies and procedures are required to restrict access to the facility where PHI is stored. Door locks, locked filing cabinets, and password-protected electronic access to records are examples of restricted physical access. Workstations, such as laptops and desktop computers, are required to have specific functions. Unauthorized use of a workstation may lead to the compromise of PHI through virus attack or breach of confidential material. Another physical safeguard requires policies to determine how PHI on an electronic device is destroyed or removed from the home office.
Technical Safeguards
The OCR's Security Rule defines technical safeguards as "the technology and the policy and procedures for its use that protect electronic protected health information and control access to it." Technical safeguards are achieved by regulating who has access to information by setting login requirements on workstations. Software to monitor who views PHI on a workstation is also required.