In this article we look at the Final Omnibus 2013 Rules rolled out for HIPAA and what we need to do in MS Access to remain compliant. Most importantly, we look at ensuring complete data recovery using a specialized recovery tool.
The Health Insurance Portability and Accountability Act, or HIPAA, was enacted with an eye on ensuring data privacy and data security in healthcare organizations in the United States. Technology and business have evolved drastically since the act was passed in 1996. To reflect these changes, an array of efforts was made to keep HIPAA relevant and beneficial to all stakeholders. By the start of this decade, a need to address concerns with the existing HIPAA act was felt.
Background – HIPAA Final Omnibus 2013 Rules
With the introduction of the Final Omnibus Rule in 2013, an effort was made to weed out convoluted aspects of the earlier legislation. Terms were standardized with the addition of clear definitions. Clear guidelines related to encryption were brought forward, while amendments to take account of mobile devices and other technological advances were incorporated. Another significant change was the introduction of the provision of holding Protected Health Information (PHI) indefinitely. Previously, covered organizations had to store the data for fifty years only; however, with this rule, the need to store PHI data was made perpetual.
The overall impact of all the above progressive improvements has been felt in the industry. Healthcare companies are in general more sensitive about handling PHI than ever before. The threat of huge fines and even criminal charges has made data security a clear focus area for the healthcare industry.
How Can Access Work with HIPAA 2013
MS Access has long been used by many small and mid-sized healthcare facilities to store medical records. To ensure compatibility with the new HIPAA rules when using Access, one needs to undertake the following activities:
- Enforce rules for accessing data. This can be done using Windows group policy.
- Split the database into a front end and a back end, and compartmentalize access to data.
- Enable system-level passwords.
- Enforce encryption: It is absolutely key that encryption is introduced to prevent people from understanding the records you have, even if they can reach the physical files. So if you are using anything older than Access 2007, you need to update your software immediately. It is important to note that Access uses a very strong RSA algorithm for encryption, and it provides the requisite security for complying with norms.
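One way to find databases still stored in the pre-2007 format, which must be upgraded before the encryption step above applies, is to inventory files by their header rather than their extension. This is an added example, not code from the original article; the function names and sample file names are hypothetical, and it assumes the format signature at byte offset 4 of the file ("Standard Jet DB" for legacy .mdb, "Standard ACE DB" for .accdb).

```python
import os
import tempfile

# Format signatures found at byte offset 4 of an Access database file.
SIGNATURES = {
    b"Standard Jet DB": "legacy-mdb",  # Access 2003 and earlier (Jet engine)
    b"Standard ACE DB": "accdb",       # Access 2007 and later (ACE engine)
}
EXTENSIONS = (".mdb", ".mde", ".accdb", ".accde")


def classify_access_file(path):
    """Return 'legacy-mdb', 'accdb' or 'unknown' based on the file header."""
    with open(path, "rb") as fh:
        header = fh.read(20)
    return SIGNATURES.get(header[4:19], "unknown")


def find_legacy_databases(root):
    """List Access files under root that are not in the 2007+ format."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            kind = classify_access_file(full)
            # Extensions can be renamed, so the header decides. Unreadable
            # or truncated headers are reported too, for manual review.
            if kind != "accdb":
                findings.append((os.path.relpath(full, root), kind))
    return sorted(findings)


def demo():
    """Run the inventory over constructed sample files (not real databases)."""
    samples = {
        "patients_be.accdb": b"\x00\x01\x00\x00Standard ACE DB\x00",
        "billing_2003.mdb": b"\x00\x01\x00\x00Standard Jet DB\x00",
        "renamed.accdb": b"\x00\x01\x00\x00Standard Jet DB\x00",
        "empty.mdb": b"",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, head in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(head + b"\x00" * 64 if head else b"")
        return find_legacy_databases(root)


if __name__ == "__main__":
    for path, kind in demo():
        print(f"{kind:10} {path}")
```

The header only identifies the file format; it does not show whether a database password has been set, so files reported as clean still need their encryption setting confirmed in Access.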
In case you need to know more about HIPAA rules for your healthcare organization, please visit the US Department of Health and Human Services (HHS) website.
Keeping Data Accessible Using a Specialized Recovery Tool
When we are looking to comply with HIPAA norms, we should ensure that the data we have is always accessible. To achieve this end, healthcare companies should keep a sophisticated recovery tool like DataNumen Access Repair handy to deal with incidents of Access corruption.
Vivian Stevens is a data recovery expert at DataNumen, Inc., which is the world leader in data recovery technologies, including SQL Server repair and Excel recovery software products. For more information, visit www.datanumen.com