North Texas Dentistry Volume 7 Issue 2 NTD 2017 ISSUE 2 DE | Page 28
5 HIPAA Technical Safeguards Explained
data protection
by Don Douglas
We’ve all been there. You go to a meeting and someone talks
about HIPAA compliance. You leave, ready to conquer the
HIPAA monster. But come Monday morning, HIPAA seems
much harder to explain to your staff, and suddenly you wish you
had an IT degree.
So let’s simplify things.
HIPAA is a series of safeguards to ensure protected health
information (PHI) is actually protected. There are five HIPAA
Technical Safeguards for transmitting electronic protected
health information (e-PHI).
Let’s break them down, starting with the first and probably most
important one.
Transmission Security
Also called encryption, this converts information into
a code. You want the highest number when it comes to
encryption (i.e., 256, 1024, 2048-bit), because the higher
the level, the stronger the security.
Accomplished through: Encryption software in the marketplace today
Authentication
Verifies that the people seeking access to e-PHI are who they
say they are.
Accomplished through: The federally-recognized DIRECT
project. DIRECT verifies users and recipients through multiple
forms of identification.
Technology like biometrics, which can use fingerprints, face,
or iris recognition for verification purposes.
Access Control
Ensures there is no unauthorized access of devices by a
person other than an authorized, specifically-known user.
Accomplished through: Unique usernames, passwords,
and an automatic log-off feature built into the software
Audit Control
Produces an audit trail across hardware, software and/or
procedural mechanisms.
Accomplished through: Software that produces a detailed
audit report. Do not just take a vendor’s word for it. Ask him
or her to produce an instant HIPAA audit trail report of your
demo session. In the resulting report, you should see every
activity that occurred during your demo, and who it was
performed by.
Integrity
Ensures that electronically transmitted e-PHI is not improperly
modified without detection, until e-PHI is disposed of.
Accomplished through: An off-site service that stores all
e-PHI communications for six years — without the possibility
of e-PHI modification.
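The Audit Control and Integrity safeguards above can be shown working together. The following Python example is added here and is not from the article or any vendor's product: it keeps an audit trail of who did what and chains each entry to the previous one with a keyed hash, so an edited or removed entry is detected. The key, function names and sample activity are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a constructed demo key; a real archive service would hold its own secret.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # starting value for the chain

def _mac(prev_mac, entry):
    # Bind each entry to the MAC of the one before it, so edits and removals show.
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(KEY, prev_mac.encode() + body, hashlib.sha256).hexdigest()

def append(trail, user, action, record, when):
    """Record who did what, to which record, and when."""
    entry = {"user": user, "action": action, "record": record, "time": when}
    prev = trail[-1]["mac"] if trail else GENESIS
    trail.append({"entry": entry, "mac": _mac(prev, entry)})

def verify(trail):
    """Return the index of the first entry that fails the check, or -1 if intact."""
    prev = GENESIS
    for i, row in enumerate(trail):
        if not hmac.compare_digest(row["mac"], _mac(prev, row["entry"])):
            return i
        prev = row["mac"]
    return -1

def build_demo_trail():
    # Constructed sample activity, not real audit data.
    trail = []
    append(trail, "frontdesk1", "login", None, "2017-03-06T08:01:00Z")
    append(trail, "frontdesk1", "view", "patient-1001", "2017-03-06T08:03:10Z")
    append(trail, "dr.lee", "send", "patient-1001", "2017-03-06T08:15:42Z")
    append(trail, "frontdesk1", "auto-logoff", None, "2017-03-06T08:30:00Z")
    return trail

if __name__ == "__main__":
    trail = build_demo_trail()
    print("intact trail:", verify(trail))
    trail[2]["entry"]["user"] = "frontdesk1"  # alter who performed the send
    print("after edit, first bad entry:", verify(trail))
```

The chain alone does not reveal entries dropped from the very end of the trail; for that, the most recent MAC has to be kept somewhere the trail's holder cannot change.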
Each safeguard can be met individually or through cost-effective
solutions that meet all technical safeguards in a comprehensive
software package. Products are often labeled “HIPAA-Compliant”,
but only satisfy one or two of these safeguards. Insist that your
vendor demonstrate all five technical safeguards. Your practice
depends on it.
Donald Douglas is a 24-year professional with a
focus in Operations and Administration. As the Chief
Operating Officer at iMedicor, Don facilitates between
all departments, from product development
to sales, ensuring responsive, secure, HIPAA-compliant
solutions for their clients. His career
began at Pitney Bowes and accelerated rapidly in the
technology sector. He was a founding member of
Axsa Document Solutions, where his logistical expertise helped grow the company
into an Inc. 500 company. Over his career, Don developed and managed
teams across a wide variety of departments including Customer Service, Corporate
Training, Lease Operations and Administration. After serving in the United
States Navy, Don attended the University of North Carolina at Greensboro.