Whether you host electronic medical records within your company, use an outside data hosting or storage company, or partner with a company to provide scanning services for protected health information, it is important to be aware of the requirements for data centers to be fully compliant with HIPAA regulations. Full compliance means that a facility's technology, policies, procedures, and personnel are fully in sync with both the HIPAA Privacy Rule and the HIPAA Security Rule.
The specific requirements for full HIPAA data center compliance are detailed, but fall into a few major categories. The following is a general summary of those requirements.
The facility itself must be fully secured. This means access must be restricted only to company personnel who are fully trained in HIPAA security rules. No one should have access to patient records unless they absolutely need access as part of their job. Video surveillance, secure entry and exit points, security alarms and other measures to discourage a physical breach of the facility should be in place.
This includes the transportation and storage of paper documents to and from a facility. Ideally, the documents should always be under the strict control of HIPAA-trained personnel.
Digitized documents stored within a network must be secured with redundant firewalls, two-factor authentication, SSL certificates and strict access controls. Anti-virus and intrusion detection systems must be in place. Backup and disaster recovery systems must be used to ensure that data will not be lost to natural or other disasters, such as fires, floods, earthquakes, power outages, etc. Security measures must be in place 24 hours per day, 7 days per week.
All personnel within a facility must be fully trained and vigilant to ensure that no breaches of HIPAA rules occur. Even within a data center facility, only staff members who require access to original paper documents, scanning equipment or electronic records are allowed to handle or access sensitive protected health information.
Be sure that you ask the right questions whenever inquiring about services that fall under HIPAA compliance rules. As a health care provider, you are responsible for the security of all protected health information.
our HIPAA compliance procedures and how we can cost-effectively manage your Electronic Health Records scanning and storage requirements.