HIPAA is an important topic for Children’s Advocacy Centers and their multidisciplinary teams, but this piece of legislation - which includes guidelines related to keeping personal health information safe - is easy to misinterpret, especially without a technology or legal background. We got so many “HIPPA compliance” emails, it was either “No, no, it’s HIPAA” a few times a week, or a formal write-up.
With that in mind, the Network Ninja and Collaborate team created this presentation called “It’s Not Spelled like HIPPO.” This is a practical and social-worker friendly HIPAA primer for CACs, which will walk you through key HIPAA concepts.
Additionally, we’ve created a helpful companion document that delves into HIPAA and its implications for CACs.
HIPAA Topics Covered in the Video and Docs
What is HIPAA?
Learn what the Health Insurance Portability and Accountability Act (HIPAA - not “HIPPA”) actually is, and how it’s geared to keep protected health information (PHI) safe.
Covered Entities (CEs) and Business Associates (BAs)
HIPAA applies to two main types of organizations - and it’s important to grasp the differences. Also learn how Business Associate Agreements (BAAs) are integral to HIPAA compliance.
HIPAA-Related Responsibilities for CACs and Other Covered Entities
Most CACs are required by HIPAA to protect health information in several ways, including:
- Conducting a thorough Risk Analysis
- Deploying several Risk Management practices to reduce risk
- Developing security policies and training employees to properly honor them, sanctioning rulebreakers
- Restricting access to PHI only to those that need it
- Using secure passwords for workstations and software
- Avoiding malware
- Using encryption when storing and transmitting any PHI
- Creating a Contingency Plan for “Emergency Mode”
How Collaborate Helps CACs Keep Health Information Safe
Collaborate case management software is a tool CACs can use to manage and maintain their HIPAA compliance, and related requirements, including:
- Encryption of all data, including backups
- Roles & Permissions to restrict access on a “need to know” basis
- Enforcement of strong passwords and disallowing shared accounts
- Access Control Lists to help prevent unauthorized use
- Complete logs of every single change made to every case
- Login Monitoring and lockouts for suspicious activity
- Limits for physical and facility access to keep data safe