HIPAA Required Software Security Measures
Every software product must offer certain security features to be HIPAA compliant. These features make it possible to maintain the confidentiality, integrity, and availability of protected health information (PHI).
- User Authentication: allows each user to have unique login credentials to access the software platform.
- Access Controls: allows administrators to designate different employee access levels within the software.
- Audit Controls: allows administrators to track data access patterns, including which user accesses what data and for how long.
- Encryption: prevents unauthorized access to sensitive data.
- Data Backup: prevents data loss in the event of a breach or other incident.
In many cases, end users are responsible for configuring security settings to activate HIPAA-required security features.
Business Associate Agreements
Even though many help desk providers meet HIPAA security requirements, they are not necessarily considered HIPAA compliant. Even the most secure software cannot be HIPAA compliant if the provider does not sign business associate agreements (BAAs) with their clients. Before entering into a business associate relationship with any vendor, healthcare organizations are required to have a signed BAA with the vendor. Vendors that don’t sign BAAs cannot be used to create, receive, store, or transmit PHI.