HIPAA Security Requirements & Compliance
An acceptable performance standard for a covered entity requires more than just doing what is necessary to keep the network running. Even 99.9% uptime falls short. A myriad of other requirements combine to maintain an IT network in a continuing state of compliance.
For example, the first section of Administrative Safeguards in the HIPAA Security Rule, §164.308(a)(1)(ii)(D), states:
“Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.”
Managed IT Services becomes the only practical and economical approach to compliance with just this one section. Here’s why:
- It would be physically impossible for one IT person to keep up with the rigors of this requirement. At some point that person will need to take a vacation, call in sick or not work a weekend.
- The cost to maintain compliance in an hourly break/fix service scenario is prohibitive.
- There are only a handful of individual IT professionals with the Swiss Army knife skill set required to manage the complex technology of today. It takes a team.
Regardless of who is handling healthcare IT for you today and what business model they use, finding out exactly where you stand is a HIPAA mandate.