Your checklist for HIPAA Compliant software


In your search for the right agency management platform, a big “must-have” is software that meets HIPAA regulations.  HIPAA is the Health Insurance Portability and Accountability Act of 1996.  Two of the rules that implement it are the ‘Standards for Privacy of Individually Identifiable Health Information’ (Privacy Rule) and the ‘Security Standards for the Protection of Electronic Protected Health Information’ (Security Rule).  Because the software manages protected health information (PHI), it is important that it actually satisfies the Security Rule’s requirements.  Note that HHS does not issue an official HIPAA certification; a vendor’s “HIPAA certified” claim means a third party or the vendor itself assessed the product against the rule, so ask what was assessed and by whom.  It seems obvious, but think about all of the home-made solutions out there.  While they are inexpensive, are they safe and do they meet HIPAA requirements?  Chances are they don’t, and that puts your agency at risk.  We put together a checklist to use when evaluating software to see if it meets the HIPAA standards.  And if you’re wondering, yes – MediSked Connect is fully HIPAA compliant!

The HIPAA Security Rule sets out specific provisions in three groups: administrative safeguards, physical safeguards, and technical safeguards (access control is one of the technical safeguard standards).

ADMINISTRATIVE SAFEGUARDS [45 CFR 164.308]

– Access Authorization

– Log-in Monitoring

– Password Management

– Data Backup Plan

– Disaster Recovery Plan

– Emergency Mode Operation Plan

PHYSICAL SAFEGUARDS [45 CFR 164.310]

– Facility Security Plan

– Data Backup and Storage

TECHNICAL SAFEGUARDS: ACCESS CONTROL [45 CFR 164.312(a)]

– Unique User Identification

– Automatic Logoff

– Encryption / Decryption

Along with those items, it is imperative to have a Business Associate Agreement (BAA) with any vendor or partner that creates, receives, maintains, or transmits PHI on your behalf – including the software vendor itself – to protect the PHI of the clients you serve.  A vendor that will not sign a BAA cannot lawfully handle your PHI, no matter what its feature list says.

Another term that is used a lot for HIPAA compliant software is Limiting Access and Use to the Minimum Necessary.  Under the regulations this is described as follows: a “covered entity must develop and implement policies and procedures that restrict access and uses of protected health information based on the specific roles of the members of their workforce.  These policies and procedures must identify the persons, or classes of persons, in the workforce who need access to protected health information to carry out their duties, the categories of protected health information to which access is needed, and any conditions under which they need the information to do their jobs.”

What this means for software is that it must let you define user roles (access levels), assign each employee to a role, and tie each role to only the categories of PHI that job needs, so that a user is denied access to PHI that is not necessary for their work.  Ideally the restriction applies at the field level (for example, billing staff see insurance identifiers but not clinical notes), defaults to deny when a field or role is not explicitly mapped, and every access is written to an audit trail.
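The following is an added example (not MediSked Connect code and not from the regulation) showing what the access-control items above look like in software: unique user IDs, roles mapped to PHI categories, field-level “minimum necessary” filtering with default deny, automatic logoff after an idle period, and an audit entry for every access. The role names, PHI categories, 15-minute timeout, and sample client record are all assumptions constructed for the illustration.

```python
"""Minimum-necessary, role-based access to a PHI record (illustrative only).

Added example: not MediSked code. Roles, categories, timeout and the sample
record are constructed assumptions, not real PHI.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed roles and the PHI categories each job needs (an agency defines its own).
ROLE_PERMISSIONS = {
    "direct_support": {"demographics", "care_plan"},
    "nurse": {"demographics", "care_plan", "medications"},
    "billing": {"demographics", "insurance"},
}

# Which record fields belong to which PHI category (assumed mapping).
FIELD_CATEGORY = {
    "name": "demographics",
    "dob": "demographics",
    "address": "demographics",
    "goals": "care_plan",
    "medications": "medications",
    "medicaid_id": "insurance",
    "diagnosis_codes": "insurance",
}

IDLE_TIMEOUT = timedelta(minutes=15)  # assumed automatic-logoff threshold


class AccessDenied(Exception):
    pass


@dataclass
class Session:
    user_id: str            # unique per workforce member: no shared log-ins
    role: str
    last_activity: datetime


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, when, user_id, action, record_id, fields, outcome):
        self.entries.append({"when": when, "user": user_id, "action": action,
                             "record": record_id, "fields": fields, "outcome": outcome})


def touch(session, now):
    """Automatic logoff: refuse an idle session instead of silently reusing it."""
    if now - session.last_activity > IDLE_TIMEOUT:
        raise AccessDenied(f"session for {session.user_id} expired after idle timeout")
    session.last_activity = now


def minimum_necessary_view(session, record, now, audit):
    """Return only the fields of `record` that the session's role may see."""
    try:
        touch(session, now)
    except AccessDenied:
        audit.record(now, session.user_id, "read", record["id"], [], "denied: idle session")
        raise
    allowed = ROLE_PERMISSIONS.get(session.role)
    if allowed is None:
        audit.record(now, session.user_id, "read", record["id"], [], "denied: unknown role")
        raise AccessDenied(f"unknown role {session.role!r}")
    view = {"id": record["id"]}
    for name, value in record.items():
        # Default deny: an unmapped field has category None, which is never allowed.
        if name != "id" and FIELD_CATEGORY.get(name) in allowed:
            view[name] = value
    audit.record(now, session.user_id, "read", record["id"], sorted(view), "allowed")
    return view


SAMPLE_RECORD = {  # constructed sample, not a real client
    "id": "client-0001",
    "name": "Pat Example",
    "dob": "1980-02-03",
    "address": "1 Sample St",
    "goals": "community integration, 3x/week",
    "medications": ["example-med 10mg daily"],
    "medicaid_id": "AB12345C",
    "diagnosis_codes": ["F71"],
}


def demo():
    """Billing and direct-support views of the same record, then an idle-session denial."""
    audit = AuditLog()
    t0 = datetime(2024, 1, 1, 9, 0)
    billing = Session("jdoe", "billing", t0)
    dsp = Session("asmith", "direct_support", t0)
    billing_view = minimum_necessary_view(billing, SAMPLE_RECORD, t0 + timedelta(minutes=1), audit)
    dsp_view = minimum_necessary_view(dsp, SAMPLE_RECORD, t0 + timedelta(minutes=2), audit)
    try:
        minimum_necessary_view(dsp, SAMPLE_RECORD, t0 + timedelta(minutes=40), audit)
        idle_blocked = False
    except AccessDenied:
        idle_blocked = True
    return billing_view, dsp_view, idle_blocked, audit.entries


if __name__ == "__main__":
    b, d, blocked, log = demo()
    print("billing sees:", sorted(b))
    print("direct support sees:", sorted(d))
    print("idle session blocked:", blocked)
    print("audit entries:", len(log))
```

When evaluating a platform, ask to see the equivalent of each piece: where roles and field-level permissions are configured, what happens to an idle session, and what the audit log records when access is denied as well as when it is allowed.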

HIPAA’s Administrative Simplification provisions also set standards for electronic transactions such as billing.  (An electronic signature standard was proposed alongside the Security Rule in 1998 but was never finalized, so there is no separate “HIPAA digital signature standard”; instead, check that the signatures in the software identify who signed and make later alteration of the signed record detectable, which is what the Security Rule’s authentication and integrity requirements call for.)  On the billing end of things, the most common HIPAA standard electronic transaction sets that affect provider agencies are:

– HIPAA 270/271 – Eligibility, Coverage or Benefit Inquiry / Response

– HIPAA 276/277 – Health Care Claim Status Request / Notification

– HIPAA 837/835 – Health Care Claim / Claim Payment Advice (claims and remittances)

Check to make sure the Agency Management Platform you are looking at can handle these sets of transactions as well.

HIPAA compliance is the most important requirement for software in this space.  Working through the checklist and guidelines above lets you verify that the software you choose supports these standards; keep in mind that compliance also depends on how your agency configures and uses the platform, so the policies, training, and BAA on your side matter as much as the product’s features.
