Health Information Compliance Report

The days of paper patient health care records are fast becoming a historic dinosaur. There are over 160 million Americans utilizing the internet for Health information and two-thirds are those are physicians and other health care workers who rely on a SSL or VPN to transmit patient health information (DeTora & Linkon, 2009). In addition, the new age of technological savvy patients want access to their health information, desire real time communication with their providers (i.e. patient portals) by providing virtual communication from scheduling appointments, refill prescriptions, and on-line bill payments. However, HealthCare Professionals must address the issue on how to provide secure access.
There are two ways to ensure Health information

is secure when utilizing the internet. The first and most important rule is to ensure the individual access the data is the correct person. Therefore, everyone who access health information should have a secure log in assigned to them with access only to the data required to perform his/her job.

The next item is to utilize a secured socket layer (SSL) to increase security by encoding data at the sent point and decrypting it at the receiving end plus adding a layer of corporate firewalls (Lee, 2003). The next method utilizes a Virtual Private Network or VPN to transport packets but utilizes its own software to encrypt and decrypt at the sending and receiving transmission platforms (Gartee, 2011). Therefore a VPN limits the data packets to those individuals who have been identified to access the information and the system is maintain within the information department of the facility. In addition, a VPN verifies the identity of the person signing on by ensuring those only with access should be able to view the data. Another benefit of a VPN is that it is not limited to WebPages and may be utilized to secure data being transmitted in other application software (Lee, 2002). The Health Insurance Portability and Accountability ACT of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH mandates the appropriate administrative, technical and physical safeguards be utilized to protect

electronic health information (Sabnis & Charles, 2012). Several safeguards are federally mandated to protect PHI such as: User and Entity Authentication, Unique identifiers, access control, audit control, integrity, transmission security, encryption, SSL and/or TLS, digital signatures, training and privacy policies (Sabnis & Charles, 2012). The increased access and availability of HIM is to ensure compliance and security. Some ways to avoid a breach is to review behavioral analysis, reputation and establish a context and relationship with users, devices, applications and workflows to determine anomalies (Sabnis & Charles, 2012). Therefore regular audits on data access, secure pass codes, and limit access. Also, the facility can use a point-to-point access to limit their risk of a breach (Gartee, 2011). In the event of a breach of PHI the facility should follow the guidelines on breach notification established by HIPAA.
Work cited
DeTora, G., & Linkon, N.

(2009). The New Age of Healthcare Communications. Marketing Health Services, 29(3), 23-27.
Lee, D. S. (2002). Wireless Internet Security. Information Systems Security. 11(3).

34.
Greene, T. (2003). Healthcare group picks on SSL for remote access. Network World, 20(1), 17.
Sylvia, L. 2003. “New promise for inter organizational collaboration: as a network platform, VPNs can help initiate and sustain information-sharing networks.” Health Management Technology 24(10), 42.
Gartee, R. (2011) Health Information Management and Information Technology. Retrieved from Bethel University Online textbook, 19 November 2014.
Sabnis, S., & Charles, D. (2012). Opportunities and Challenges: Security in eHealth. Bell Labs Technical Journal, 17(3), 105-111. Doi:10.1002/bltj.21561