If your business exists in the digital or online realms anywhere at all, then you have to be aware of how to use digital safeguards, and how to make sure that you’re compliant with any requirements within your particular industry as well. The tech industry and the medical industry in particular have compliance laws on the federal level to ensure all sorts of different types of client privacy [1].

So, if you aren’t already familiar with how these safeguards work, either through software or hardware means, then give yourself a refresher about topics like HITECH, HIPAA, personal password best practices, website administrator responsibilities, and how important it is to work with different types of encryption.

Reviewing HITECH

Within the healthcare industry, there are lots of federal regulations. And though you may be familiar with the more longstanding ones (like HIPAA below), you have not be aware of HITECH, and this set of regulations is just as important these days, and specifically deals with businesses that involve electronic records. Because this data is no longer just pieces of paper in locked cabinets, but is now available through digital means, security compliance is more important than ever for storing this information on your business’s personal servers. Once compliant, feel free to market this fact!

Understanding HIPAA

But before you understand why HITECH is important, there’s the matter of HIPAA [2,3] itself. Whenever you talk to people in the medical industry, they’ll tell you how important privacy is all around. Any sort of breach in medical information security, and there’s a tremendous amount of damage that can be done on personal and professional levels. The best business decisions that you can make regarding your own personal security and data record keeping are to use up to date compliant measure at all times, and train staff accordingly.

Personal Password Protection

Every person in your business, especially if you have to deal with any type of private medical information in your communication, should follow password best practices. Sometimes this means having a method of your own that you use, other times it means using a password plugin that makes good login decisions for you.

Website Administrator Responsibilities

If you’re the website administrator in your company, there are a number of security features that you’re in charge of as well. User databases have all kinds of information like email addresses, phone numbers, and birthdates, so it’s important that you maintain safeguards from your backend coding.

Working With Encryption

All of the above-mentioned security interests deal with some type of encryption along the line as well, which means that you should at least be partially familiar with how all of that works. You don’t have to understand the intricacies of military-grade hexadecimal, but at the very least you should understand why things get encrypted in the first place.

[1] Singhal, Himanshu, and Arpan Kumar Kar. “Information Security concerns in Digital Services: Literature review and a multi-stakeholder approach.” In Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, pp. 901-906. IEEE, 2015.

[2] Centers for Disease Control and Prevention. “HIPAA privacy rule and public health. Guidance from CDC and the US Department of Health and Human Services.” MMWR: Morbidity and mortality weekly report 52, no. Suppl. 1 (2003): 1-17.

[3] Cao, F., H. K. Huang, and X. Q. Zhou. “Medical image security in a HIPAA mandated PACS environment.” Computerized Medical Imaging and Graphics 27, no. 2 (2003): 185-196.

By Kar

Dr. Kar works in the interface of digital transformation and data science. Professionally a professor in one of the top B-Schools of Asia and an alumni of XLRI, he has extensive experience in teaching, training, consultancy and research in reputed institutes. He is a regular contributor of Business Fundas and a frequent author in research platforms. He is widely cited as a researcher. Note: The articles authored in this blog are his personal views and does not reflect that of his affiliations.