The Security Rule defines technical safeguards in § 164.304 as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.”
The Security Rule does not require specific technology solutions. There are many technical security tools, products, and solutions available to Covered Entities and Business Associates.
Some of the technical safeguards to protect ePHI include:
- Enterprise Antivirus for all business devices containing ePHI to protect the computer system(s) from viruses, spyware, malware, phishing attacks and other cyber threats.
- Unique user identification for all staff logging into systems and applications containing ePHI, allowing a Covered Entity or Business Associate to track specific user activity.
- Automatic Logoff that terminates a session to an operating system or application containing ePHI when a computer/workstation is unattended, disallowing unauthorized access.
- Enable encryption for any mobile device or removable storage device, and any transmission of ePHI over an electronic network. Never email or eFax patient data unless encryption is used.
HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). ANATOMY_IT can provide you peace of mind with our expert HIPAA compliance services.