This is the fourth article of a five-part series that looks at the area of HIPAA law known as “Technical Safeguards.” Technical safeguards are designed to protect electronic Protected Health Information (ePHI) from internal and external risks. Implementation of these safeguards is required by law, and helps you avoid costly fines. In this brief article, we address “Integrity,” Regulation §164.312(c)(1).
How is the “Integrity” safeguard defined?
A covered entity must implement policies and procedures to protect electronic protected health information from improper alteration or destruction.² This safeguard applies from the time of data creation through storage—a minimum requirement of 6 years³ Regulation §164.316(b)(1).
What factors can compromise ePHI?
People:
- Staff or business associates can change or enter false data.
- Systems can be hacked.
Technology:
- Software or programming bugs
- Computer viruses
- Hard drive or storage failure
What can I do to maintain Integrity?
- Implement a system that automatically checks for data integrity.
- Ensure that changes only happen when required, verified, documented and approved.
- Use off-site, HIPAA-compliant servers, across multiple locations for all data storage and backup.
Why is the integrity of data important?
The integrity of data affects patient care decisions. Accidental or intentional changes to patient information can cause harm or even death to the patient. Changes may also indicate tampering to HIPAA investigators. Finally, compromised records can also result in business loss and adverse financial effects.