Is having login and password access to my computer sufficient to meet HIPAA/HITECH guidelines?

Having a login and password is just a start to becoming HIPAA/HITECH ready, and it only goes so far. There are many ways to get past a simple login and password these days, and if anyone ever does hack into a computer containing PHI, then all of it is compromised. That is why HIPAA/HITECH guidelines don’t just pertain to access to PHI but also regulate its storage and transfer. Information must always be protected when it is archived and when it is transferred to other parties.

Let’s start off with archiving and storage of PHI. PHI must always be encrypted when in storage and not in use. This prevents personal information from being compromised if hardware is ever stolen or lost. GearXport is a very useful tool for encryption. It allows users to encrypt and decrypt files and keep the files HIPAA/HITECH compliant. It can also assist in keeping file transfers safe, which we will talk about a little later.

Another important topic with PHI is archiving. No PHI should be truly archived. If the information is no longer needed for any reason, do not archive it for safekeeping. Delete it, destroy it, get rid of it. Don’t give yourself even more information to be responsible for if you don’t have to.

HIPAA/HITECH guidelines also outline regulations for transferring files. Files transferred via the internet must be encrypted. The internet is a very vast space with many different access points, and we cannot always know what is going on within it; it is just too big to monitor everything. To avoid unwanted leaks of information, encrypt the files you send. This way, only the intended recipient, using decryption software, will be able to look at and understand the information sent, which prevents people who try to intercept messages sent via the internet from getting access to important personal information.