While it offers a comprehensive and lengthy look at compliance, the National Institute of Standards and Technology (NIST) HIPAA Security Rule Guide does not take into account the explosion in usage of cloud-based collaboration services seen in past years.
Here are our top technical safeguard considerations for organizations that want greater collaboration around electronic protected health information (ePHI) while maintaining HIPAA compliance.
1. Survey Employees
The first simple step in achieving better collaboration around ePHI is to ask employees – with no strings attached – what tools they use to transfer and share data. Compile these products and services into a list that can be used in future compliance analysis.
2. Audit Collaboration Service Providers
Once a list is established, its time to go straight to the source and ask some key questions of the vendors involved. While these questions may vary depending on industry and ePHI type, typical starters are as follows:
- Do you encrypt data stored on your servers by default?
- Does data from multiple users live on the same server location?
- Do you offer the option for us to host your software in our local environment?
3. Write and Communicate Policies
Based on audit findings it might be necessary to restrict or ban the use of certain products and services. While that might be inconvenient for users who have come to rely on them for productivity, it is a necessary step to protect ePHI and maintain HIPAA compliance. Any policies should be in plain language and easy to distribute to all team members.
4. Check in Frequently
Let’s face it: Technology is evolving faster than we can keep track. New mobile apps, software as a service (SaaS) products, and email providers will pop up all the time. While properly communicated policies should help employees navigate these new products and services, checking in frequently will help make sure company policies cover all contingencies.
5. Embrace the Unknown
An environment of fear is no way to work, yet with record HIPAA fines being handed down from the Department of Health and Human Services, executives are fighting employee use of collaboration tools with renewed vigor. Make an effort to learn the details behind new products and services that help spur a creative, collaborative environment. Only through testing and understanding these new technologies will organizations be able to effectively manage policies around them.