HIPAA violations – Google’s privacy policy not private enough?

In the last few weeks there have been some concerns over Google’s new privacy policy and whether it can cause a HIPAA violation under certain circumstances.

Google has brought out a new privacy policy which combines all of Google’s privacy policies across services into one. While it does simplify things, some are concerned that this shared policy will result in PHI being shared across services and will, in fact, cause a HIPAA violation.

According to healthcare attorney and consultant David Harlow, this isn’t so. In this interview with FierceHealthIT he argued that Google’s privacy policy is a sound one and is sufficient from a strict legal constructionist’s standpoint.

This sort of debate can nevertheless be a little confusing for the everyday computer user at a service provider, who is not aware of every little detail. This probably goes double for those who regularly submit large volumes of PHI to an online documentation system such as Therap. They may ask themselves: “Will the information really be safe out there?”

So, let’s go over the things we do at Therap to avoid HIPAA violations:

■   During product development, thorough testing is performed so that users do not have access to information for which they are not authorized. Appropriate policies are in place to deal with any such violation.
■   The location of the servers and their operational details are known only to a few key people.
■   Adequate physical security of hardware is provided.
■   The system is closely monitored for any unusual activities.
■   Firewalls, intrusion detection mechanisms and backup systems are maintained.
■   Internal password policies are set up and regularly updated.
■   Therap staff members are required to sign appropriate legal agreements.
■   Periodic awareness and training programs are conducted for staff members to handle potential risks or violations.

In addition, Therap provides the following features for the clients to minimize risks:

■   A three-field authentication mechanism that acts as an electronic signature
■   Secure Sockets Layer (SSL) is used to ensure protection of data during transmission
■   Mechanisms enabling administrators to define multi-level access privileges for agency staff
■   Option to set up password policies for agency staff
■   Inability of users to access data without proper privilege or without leaving audit trails (Activity Tracking)
■   Mechanisms to let administrators activate and deactivate user accounts as needed
■   Automatic data archiving
■   Flexible alert mechanisms over secure media

2016-11-03T11:10:49+00:00 | February 22nd, 2012 | Categories: Adit's Posts