HIPAA Compliance & Gathering Patient Data Electronically May 24, 2018 HIPAA compliance, JNT TEK 906 Implementing HIPAA requirements doesn't have to the rocket science. In fact, with the right support implementation for most practices can be handled without too much effort. It just takes a little commitment from the organization and basic compliance requirements can be met. HIPAA and IT 101: Protect patient data Never send any patient data electronically unless it's encrypted Solution: https://www.jnttek.com/inexpensive-easy-to-implement-secure-e-mail-using-office-365/ Make sure your systems have up to date antivirus and malware protection Ensure all systems are updated with the latest security patches Encrypt saved/stored data as well as data being sent Make sure access is controlled to allow only those that need access to patient data Make sure your practice has a good firewall that will filter harmful websites Encrypt local computer – built into most modern computers with Windows 10 Solution: https://www.jnttek.com/make-sure-your-next-computer-has-this-security-feature-before-making-the-purchase/ Practices sometimes take in patient data from their website via a form. However, many don't put in the proper protections to make sure their patient's data is secured. These practices often don't realize just how insecure their website is and how vulnerable their patient data is. Here are some tips to secure your website: If you are using a CMS like WordPress, make sure it's updated to the latest version Older versions of CMS systems are a major security risk and can be easily hacked Make sure the site and especially the form pages where patient data is inputted are secured using SSL/HTTPS Get hosting from a good web host provider that also provides firewall and web application filtering Some web hosts will even fix a site if it does happen to get hacked, which can still happen even with best protection Don't send form data to an email account unless it's encrypted If possible use a secure database to store patient form data rather than send via email If you aren't sure how secure your IT systems and website are, we recommend having an expert review your systems and provide a security evaluation. JNT TEK offers free assessments of IT & security systems for practices of any size.