The Doorway to Compliance
- By Matt Conrad
- Jun 01, 2010
The Health Insurance Portability and
Accountability Act legislates how a patient’s
information is managed, viewed,
documented and transported in both
interoffice and intra-office settings. The
law protects both physical and electronic
data and documents. It requires patients’
medical history be protected, but it also
has forced organizations with access to
this information to assess security needs
and gaps to ensure compliance.
The difference between achieving
HIPAA compliance and being in violation
of these laws could be as simple as
whether a door closes and locks properly.
Since HIPAA addresses information
security from a comprehensive perspective,
every place this information resides
or passes through, both physically and
electronically, must be protected.
Physical records must be in secured
areas. Doors and locks into these areas
should be inspected frequently to ensure
their functionality. Entry management
should ensure that only authorized personnel
Some doors also must be alarmed,
viewed by CCTV or staffed at all times.
The organization’s HIPAA compliance officer
will determine which areas require
enhanced security technology.
User protocols need to do more than
establish who has access to the information;
they need to establish how the information
is accessed. Using an advanced
key-based solution that has a patented
keyway system is a sufficient basic solution.
Such a system allows administrators
to keep track of key holders and significantly
reduces problems associated
with unauthorized key duplication.
A more popular and advanced security
option is an electronic access control
system. Electronic security comes in a
variety of credential and network options,
from offline pincode locks on a door to
wireless locks and card readers. With an
electronic solution, administrators can
restrict user access to specific days and
times, as well as log user entry. This audit
trail can be used by administrators to
help ensure compliance.
Matt Conrad is the director of healthcare markets for Ingersoll Rand Security Technologies.