Last week, we took a look at HIPAA compliance and what it can teach employers about appropriate security measures for employee data. Those only represent some of the rules about data privacy in an increasingly tech-savvy age. With the strong push to have all medical providers move to EHR (Electronic Health Record) systems, the federal government has recognized a need to create additional guidelines.
This is especially important since one of the main purposes of using electronic systems is to make information-sharing more efficient. Increasing the accessibility of health information is a two edged swords. It’s going to require some well thought-out policies and procedures to keep private health information out of the wrong hands. Many of these same concerns plague employers who want to use mobile, web-based, and third party HR software applications but aren’t sure how to make employee data secure.
HITECH May Present Some Answers
HITECH (Health Information Technology for Economic and Clinical Health) is a supplement to HIPAA regulations. It addresses some of the issues that storing and transmitting data digitally entail. This Act was signed into law in 2009, but the details of implementation are still under discussion. The finalized rules are expected to be released sometime later this year. Here are some of the comments the HIT Privacy and Security Workgroup has made about the Act:
“We want to stress that to adequately protect the security of information and the privacy of consumers, EHR technology certification is only one consideration. The meaningful-use Notice of Proposed Rule Making (NPRM) stresses the importance of analyzing security and privacy risks – based upon the identified risks, enterprises must then adopt appropriate policies and practices essential to protecting information and creating trust.”
In other words, just because a specific program is certified as compliant doesn’t mean it offers full protection. An organization needs to use the technology appropriately and back it up with intelligent policies/procedures to take full advantage of security features.
“In general, we are pleased with the approach the Rule has taken in specifying functional requirements instead of constraining choices to a single technology standard or several standards.”
One problem employers often confront is HR software that is marketed as being compliant with various standards but that doesn’t really have the required functionally. Your vendor should be able to tell you not only what standards their software meets, but also the mechanism by which their software meets those standards. At Emerald Software, we do this via assertion documents that take you point by point through our compliance protocols.
Here are additional areas of privacy and security that HITECH will address:
Once the final rules are released, we will be taking a close look at how our software measures up to the proposed guidelines. Our goal is to ensure products such as Universal Onboarding are compliant with the gold standards in data privacy from HIPAA to HITECH – going above and beyond traditional levels of HR software security.