Many physicians have received sales pitches from unscrupulous companies selling “HIPAA compliant” office equipment. The most common pitches are for “compliant” photocopiers or cell phones. Physicians should be aware that the HIPAA security rule, in most circumstances, does not require upgrades to such equipment.
Many physician practices will not even have to upgrade their computer hardware to comply with HIPAA’s security requirements, most needing only to upgrade their data backup systems and perhaps install hardware firewalls.
Before you make any equipment upgrades, your designated security official should perform a risk analysis of the practice’s current “technology assets.” (A technology asset is any equipment used to create, maintain, store, or transmit electronic protected health information.) Only after such an analysis is performed will you be able to reasonably determine if you need to upgrade any of your office equipment or implement new rules and procedures to ensure the security of your patients’ electronic medical records or other protected health information.
For an overview of the security rule, see ON-CALL document #1607, “HIPAA Security Rule.” ON-CALL documents are free to members at CMA's members-only website. Nonmembers can purchase ON-CALL documents from CMA's online bookstore.
Detailed information on performing a HIPAA risk analysis is included in the CMA/PrivaPlan HIPAA Privacy and Security Toolkit. The toolkit also contains all the information, forms and help you need to comply with the HIPAA privacy rules and regulations. CMA members can purchase the toolkit for $325 (nonmember price is $495). For more information on the toolkit, visit the HIPAA Help Center.
Contact: CMA’s legal information line, 415/882-5144 or legalinfo@cmanet.org.