Data compliance consists of industry rules and regulatory frameworks. The laws and regulations are formulated by government or state agencies to safeguard personal or organizational data. Data in organizations such as healthcare institutions is usually vulnerable to unauthorized access or loss, which makes it necessary to handle it responsibly (Luxton, Kayl & Mishkind, 2012). High-profile data privacy issues and costly data breaches have compelled organizations to reconsider how they handle, process, store and dispose of sensitive data. Data compliance rules require healthcare organizations to safeguard sensitive patient and staff information according to local and global regulations. In the United States, healthcare institutions ought to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) to safeguard patient data.
Elements of an effective data compliance program
Implemented procedures, standards of conduct and written policies.
Designation of a compliance team and officers.
Effective awareness through education and training.
Established communication lines.
Comprehensive internal monitoring and auditing.
Established standards for enforcement and well-formulated disciplinary guidelines (Walker et al., 2012).
Prompt response to detected infringement and application of corrective measures.
HIPAA
HIPAA enumerates standards for protection of sensitive patient data (Herold & Beaver, 2014).
The act requires healthcare providers to install physical, network and security measures.
Entities covered by HIPAA include institutions engaged in payment, treatment and healthcare operations.
HIPAA formulates a standard for protection of electronically transformed healthcare data.
It outlines non-technical and technical safeguards to protect patients' electronic PHI (Herold & Beaver, 2014).
HIPAA compliance requires dealers to computerize healthcare operations.
The regulation improves efficiency and quality of healthcare.
HIPAA physical and technical safeguards
Restricted facility access and control, with only authorized access allowed.
Policies on access and use of electronic media and workstations.
Limitations for removal, disposal and transfer of ePHI and re-use of electronic media.
Access control must have unique IDs, automatic log-off and emergency access procedures (Herold & Beaver, 2014).
Must provide audit reports that track software and hardware activity.
Technical safeguards must cover integrity controls and measures to protect ePHI.
Must have IT recovery and offsite backup to restore patient data in case of a failure.
Should have transmission security that offers protection against unauthorized access to ePHI (Herold & Beaver, 2014).
Common HIPAA violations
Hacking
Sending PHI to the wrong patient
Social media posts
Business associate breach
Discussing PHI outside office confines
EHR breach
Malware incidents
Stolen laptop or phone
HIPAA violation categories
Access controls
Use and disclosure
Notice of privacy practices
Inappropriate security safeguards
Minimum necessary rule
HITECH Act
The regulation motivates implementation of electronic health records and related healthcare technologies (Mennemeyer, Menachemi, Rahurkar & Ford, 2016).
It promotes expansion of health information technology.
It addressed and sealed weaknesses in the HIPAA Act of 1996.
The act introduces tougher penalties for failure to comply and an extra incentive for healthcare institutions (Mennemeyer et al., 2016).
Importance of HITECH Act
It improves care coordination and overall efficiency.
Formulates a framework for sharing of health information between approved entities (Mennemeyer et al., 2016).
Gives guidance on appropriate health records to be adopted.
Introduced healthcare incentives that encourage hospitals to make necessary changes.
The act increased adoption of EHR to 14.2% from 3.2% by 2015.
It ensures adherence to HIPAA security rules and privacy regulations.
HITECH general rules
Maintenance of reasonable physical and technical safeguards.
Integrity, availability and confidentiality of created e-PHI (Mennemeyer et al., 2016).
Protection against anticipated threats to information security.
Workforce compliance.
The Joint Commission
It is a US non-profit organization created in 1951.
It evaluates and accredits organizations that provide care services.
It assesses and accredits healthcare plans, networks and programs.
The organization focuses on improving quality of care and safety for the public (Schmaltz et al., 2011).
It establishes standards that organizations use to assess and improve performance.
Joint Commission standards focus on resident care, organizational functions and patient welfare.
The entity carries out onsite evaluations to assess compliance with commission standards.
Importance of data compliance in healthcare
It promotes adherence to federal and state regulations on healthcare requirements.
Leads to prevention of, and protection against, likely abuse, waste, fraud and instances of liability.
Data encryption protects patients' data and PHI against unauthorized access by intruders.
It ensures confidentiality and privacy of patient data.
Allows patients to easily access healthcare data.
Manages security risks, thus saving millions of dollars annually that would be lost to breaches of data security.
Summary
Data compliance in healthcare focuses on adherence to best practices, rules and regulations established by government agencies such as the Joint Commission to ensure patient data is protected from potential access by unauthorized subjects. Healthcare organizations are required to strictly implement data compliance regulations such as HIPAA and HITECH standards to achieve accreditation and certification (Luxton et al., 2012). The HIPAA of 1996 enumerates regulatory standards that guide healthcare providers in the disclosure of patient data and use of information. Healthcare organizations are bound by the HIPAA privacy, security and integrity requirements. The HIPAA establishes privacy, security, breach notification and omnibus rules that guide covered entities and business associates. The HITECH Act was established to supplement HIPAA on the use of electronic health records. The act created tougher penalties for compliance failure and added extra incentives for compliance with security and privacy rules. The Joint Commission formulates standards to which healthcare organizations ought to adhere for accreditation and certification.
References
Luxton, D. D., Kayl, R. A., & Mishkind, M. C. (2012). M-Health data security: The need for HIPAA-compliant standardization. Telemedicine and e-Health, 18(4), 284-288.
Herold, R., & Beaver, K. (2014). The practical guide to HIPAA privacy and security compliance. Auerbach Publications.
Mennemeyer, S. T., Menachemi, N., Rahurkar, S., & Ford, E. W. (2016). Impact of the HITECH act on physicians’ adoption of electronic health records. Journal of the American Medical Informatics Association, 23(2), 375-379.
Schmaltz, S. P., Williams, S. C., Chassin, M. R., Loeb, J. M., & Wachter, R. M. (2011). Hospital performance trends on national quality measures and the association with Joint Commission accreditation. Journal of Hospital Medicine, 6(8), 454-461.
Walker, J. S., Jorasch, J. A., Nee, P. W., Fincham, C. C., Walker, E., Bean, D., & Maniam, R. (2012). U.S. Patent No. 8,092,224. Washington, DC: U.S. Patent and Trademark Office.