What are the Network security requirements under HIPAA?

With the advancement of technology and the growing exchange of patient information between health organizations, insurance providers and referral agencies, patient information is exposed to a wide range of users and facilities. Health-related organizations must therefore meet certain technology requirements in how their computer networks operate in order to comply with HIPAA. These network requirements provide guidelines for securing patient information and monitoring user activity within the system.

Network security requirements under HIPAA require organizations to employ data encryption, firewall protection and email protection to protect confidential patient information, according to the American Academy of Family Physicians. Further, the HITECH Act advises organizations to implement data encryption technology within their system networks. Firewall protection requirements are designed to reduce the likelihood of a system security breach. Email security, though partially handled by a reliable firewall, can be further strengthened through encryption software.

To prevent unauthorized access to PHI, network system requirements under HIPAA mandate the use of a medical billing code system that provides a standardized method for recording services rendered and for transacting patient billing information between health-related organizations and third-party payers, according to the American Academy of Family Physicians. Organizations handling patient information are also required to maintain up-to-date patient authorization forms that permit them to store, record and transmit patient information. So that patients can gain access to their own records, HIPAA requires organizations to take measures to ensure patient information remains available in the event of a fire or a system failure. Compliance with this provision requires a reliable backup system capable of storing patient information and/or recovering lost data.

Under HIPAA, auditing requirements refer to an organization’s ability to monitor how authorized personnel access patient records, according to the American Academy of Family Physicians. To support this, a system network must be able to assign a unique user name and password to everyone who accesses the system, along with a user access level. User access levels limit the types of information a particular user can view and can restrict a user to a particular set or department of patients.
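The following is an added illustration, not code from the article or from the American Academy of Family Physicians, of how the access-level and auditing requirements above fit together: each access is tied to a unique user ID, restricted by role to a subset of record fields and by department to a subset of patients, and every attempt, allowed or denied, is written to an audit log that can later be queried per user. The patient records, roles and user IDs are constructed sample values.

```python
from datetime import datetime, timezone

# Constructed sample patient records (illustrative values, not real PHI).
PATIENTS = {
    "P-1001": {"name": "A. Example", "department": "cardiology",
               "diagnosis": "arrhythmia", "billing_code": "BILLING-CODE-1"},
    "P-2002": {"name": "B. Example", "department": "oncology",
               "diagnosis": "in remission", "billing_code": "BILLING-CODE-2"},
}

# Access levels: which record fields each role may view (minimum necessary).
ROLE_FIELDS = {
    "clinician": {"name", "department", "diagnosis"},
    "billing":   {"name", "department", "billing_code"},
}

# Every access attempt, allowed or denied, is recorded for audit review.
AUDIT_LOG = []


def access_record(user_id, role, departments, patient_id):
    """Return the fields `role` may see for `patient_id`, enforcing the
    user's department scope, and log the attempt whether or not it succeeds."""
    patient = PATIENTS.get(patient_id)
    allowed = (
        patient is not None
        and role in ROLE_FIELDS
        and patient["department"] in departments
    )
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id,        # unique per person; accounts are never shared
        "patient_id": patient_id,
        "allowed": allowed,
    })
    if not allowed:
        raise PermissionError(f"{user_id} may not view {patient_id}")
    return {k: v for k, v in patient.items() if k in ROLE_FIELDS[role]}


def accesses_by(user_id):
    """Audit query: everything a given user attempted to view."""
    return [e for e in AUDIT_LOG if e["user_id"] == user_id]


def denied_attempts():
    """Audit query: attempts that were stopped at the access-level boundary."""
    return [e for e in AUDIT_LOG if not e["allowed"]]
```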