Important Notice to Healthcare Organizations: Complying With HIPAA Isn’t Enough – Are You In Compliance With MIPSA?

So you’ve heard of HIPAA, time and time again, but have you heard of the Medical Information Privacy and Security Act (MIPSA)? Since the enactment of MIPSA, the gaps in federal privacy law have been closed to protect personally identifiable health information; and although many healthcare organizations aren’t aware, it’s fundamental to ensure compliance.

Now you’re probably wondering, “what is MIPSA and when was it enacted?” Well, MIPSA was enacted in 1999 as a follow-up legislation designed to tighten up loose ends in terms of HIPAA requirements. The act is fairly broad in scope – covering medical records in paper and electronic forms and applying to doctors, hospitals, insurers, researchers, and many other entities.

Ultimately, MIPSA was designed to reaffirm the right to expect the privacy of personal, confidential medical records. So how does MIPSA benefit and protect patients? Well, it provides patients with the right:

• To access their health information.
• To challenge the accuracy of their health information.
• To a clear explanation prior to disclosure.
• To limit disclosure to individuals involved with their healthcare.
• To require a warrant before law enforcement can access medical records.

As MIPSA involves a set of rules to govern the disclosure of personal health information, there’s a few safeguards that must be established and maintained, including administrative, technical, organizational, and physical safeguards. These are required to ensure the confidentiality and accuracy of protected health information; and above all, these safeguards ensure:

• The use or disclosure of protected health information only occurs when necessary.
• Those who have access to protected health information are identified.
• The potential ways to limit access to protected health information are considered.

When it comes to ensuring the right technical and physical safeguards are in place, a team of healthcare IT experts can come in handy! In fact, we’re able help you deploy the right technical and physical safeguards to secure protection health information & make sure you’re in compliance with HIPAA and MIPSA. How do we do this? We help you:

• Implement facility access controls to limit physical access to facilities wherein protected health information is stored while ensuring access to authorized personnel.
• Create policies on workstation use to specify the appropriate use of workstations used to store, transfer, and access protected health information while ensuring restrictions in terms of access to those workstations.
• Set up access control to allow access to authorized users for software programs that contain or store protected health information; we use encryption, identification protocols, and more.
• Perform regular audits to examine and record activity regarding healthcare IT systems and protected health information, in order to ensure the right safeguards are in place.
• Manage anti-virus software and firewalls to combat emerging security threats, including malware, viruses, and spam, that pose a potential threat to protected health information.

Still feeling uncertain about MIPSA? To learn more, give us a call at (408) 809-0774 or send us an email at info@veltecnetworks.com. Veltec Networks can help you stay up to date on all of the healthcare regulations and requirements regarding the protection of patients’ protected health information.