HIPAA-Compliance Issues for Small Health Care Providers
CMS, the federal Centers for Medicare and Medicaid Services, recently issued a paper on security issues for small health care providers. This seventh paper in the series is devoted to implementation of the Security Rule standards, implementation specifications and requirements as they relate to covered entities that are sole practitioners or otherwise considered small providers.

The paper poses a number of questions for medical providers regarding their HIPAA compliance efforts and programs. Of note, the paper summarizes the importance of HIPAA and HIPAA compliance:
Information security is a necessity in today's world. Preventing unauthorized use of sensitive health information is a core goal of every participant in the health care industry. The Security Rule allows covered entities, including small providers, to implement reasonable and appropriate measures that enable them to comply with the Rule.

The scalable, flexible and technology neutral principles of the Rule allow covered entities to comply in a manner consistent with the complexity of their particular operations and circumstances. Small covered healthcare providers should use this paper and other applicable resources to review and maintain their Security Rule compliance efforts.



 Of particular relevance to Secure Service Corp. (SSC) is the discussion regarding the secure transmission of medical data or EPHI, Electronic Protected Health Information. HIPAA calls for providers to "implement security measures to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network."

The CMS document asks the following:
Based on your required risk analysis, is encryption needed to protect the transmission of EPHI between your office and outside organizations? If not, what measures do you have in place to ensure the protection of this information? Some small providers might consider password protection of documents or files containing EPHI and/or prohibiting the transmission of EPHI via email.

SSC's SHAPE LinxTM is our easy-to-implement solution for secure transmission of documents and email. SHAPE Linx provides a technology neutral desktop environment allowing for easy retrieval, storage, collaboration and communication among health care providers, insurers and patients in a HIPAA secure format. This secure and encrypted communication tool moves patient records including high resolution imaging with a mouse click. Multiple user IDS and passwords are eliminated and there's no hardware to buy!

The complete text of the CMS paper referenced in this newsletter is available at SSC's website, SecureServicesCorp.com.