Guest Column | February 27, 2014

3 Ways Hospitals Can Help Ensure HIPAA Compliance


By Randy Briley, Director of Healthcare, Motorola Solutions

The Health Information Portability and Accountability Act (HIPAA) is 13 years old. During that time, the acronym HIPAA has become synonymous with patient privacy. Every patient receives the doctor or hospital’s privacy policy during an initial visit, and terms like protected health information (PHI) have become part of the everyday healthcare vernacular.

There are many places for HIPAA violations to occur in a hospital. One potentially vulnerable spot is the mobile technology and wireless network the facility uses to share information among nurses, doctors, staff, and even patients and guests. The use of mobile computers by nurses and personal devices by doctors and guests is going to continue to increase as hospitals seek to improve the quality of patient care and the patient experience. Paying attention to a few simple steps can help keep patient and hospital information secure and spare the hospital the challenges of reporting and recovering from a breach.

Step 1: Secure your wireless network AND devices
The wireless network in a hospital can be an open door for intruders to access secure files. Network monitoring software should be installed and used appropriately in every hospital and health facility. The software should be able to do four key things:

  • Close security gaps, including unsecured devices like wireless printers or computers;
  • Securely sign on guest devices only to the part of the network to which they have authorized access;
  • Identify rogue devices or users attempting to access the network; and
  • Encrypt data in motion across the network to hide it from hackers.

Step 2: Ensure mobile devices are secure 
Enterprise mobile computers in the hands of nurses and operations personnel are revolutionizing patient care and back office processes. Mobile computers and personal devices present two unique information security challenges — securing the information on the device and the information being sent or received from the device. Mobile devices need to have security management capabilities built into the operating system or installed by solutions providers. The management software should identify individual sign-on credentials and only allow information access to authorized staff members. The software should also wipe clean confidential information from the device when the user signs out.

Step 3: Build information security into daily workflows
We’ve all heard the adage, “Security is everyone’s problem.” It is true. The best guards against HIPAA information breaches are the staff members themselves. The IT department can install the best devices, networks and software, but without staff cooperation and commitment, that security can be broken. Staff members should be included in the design of workflows and in deciding how information security will fit into them. Continued education on the importance of patient privacy and redesign of processes will help keep staff engaged in participating in the security of sensitive information.

Good networks, secure devices and committed staff can ensure that your hospital’s name isn’t in the next HIPAA breach headline.
