What a HIPAA Privacy Officer Does 

Matías Giannoni, Ph.D., works as a HIPAA Privacy Officer at Terra to ensure that everyone involved in handling ePHI knows the rules, regulations and policies really well and, more importantly, if in doubt, that they feel confident reaching out to him before taking any step or action that might be in violation of the rules or, worse, compromising information. “So, it is not just a matter of ticking a few boxes but being tangentially involved in operations to make sure all processes are compliant and secure,” Giannoni explained. 

The key responsibilities of working as a HIPAA Privacy Officer include: 

• Making sure all the processes internally are compliant and everyone knows exactly what they have to do in order to minimize risks to almost zero 
• Overseeing the annual training of team members handling ePHI to keep up to date with the latest developments 
• Assessing new technologies to optimize our operations while remaining in compliance 
• Acting as a liaison to the IT Department and prioritizing cybersecurity by taking all the steps to be at the cutting edge of information security technologies  
• Being the first point of contact in case of any breach and the one in charge of communicating any situation with external stakeholders 

Working with Total HIPAA 

While Giannoni has strong experience working in heavily regulated environments with obscure and sometimes confusing regulations, Terra also relies on an external organization for additional consulting and guidance. When it comes to collaborating with Total HIPAA, Giannoni shared that they have been key partners in organizing our processes, conducting a thorough internal audit, and training our team. There are many things in which their expertise has proven to be invaluable. “Sometimes a certain technology is compliant with regulations, but it can be improved with a more advanced technology as regulations sometimes are defined with reference to technologies that existed at the point a certain legislation was put in place, and Total HIPAA advises us on those points where we can do even better than the minimum standards.” 

The Most Important Aspect of Protecting Patient Privacy 

The human aspect, both in terms of where the main failures can come from as well as in terms of the consequences cannot be overlooked. “When I think about this task, I am not thinking about potential fines or breaches of contract. Having access to all this sensible information, I am constantly obsessed about the fact that I would never like to see such sensitive information out in the open or in the hands of a heartless ransomware hacker,” Giannoni said, “That thought keeps me constantly alert.” 

To make sure that all staff members handling ePHI are trained on HIPAA policies and procedures, they receive Total HIPAA’s thorough training and evaluation annually. According to Giannoni, all of our team members scored high in their training and demonstrated a very strong culture of compliance. “Nevertheless, I often test their knowledge in our operational meetings to make sure they remember it correctly,” he shared.  

The Takeaway 

In safeguarding ePHI, the role of a HIPAA Privacy Officer stands as a crucial pillar in ensuring compliance and fortifying the security of patient data during translation processes. All patients deserve privacy while navigating medical care, which is why at Terra, we go to great lengths to remain compliant.  

The post Protecting ePHI in Translation: The Role of a HIPAA Privacy Officer   appeared first on Terra Translations.

At Terra, we’re strongly committed to the protection of the data that our clients entrust us to translate. To help us achieve our privacy goals, we partner with Total HIPAA and continuously take steps in the various aspects that pertain to our business operations. This helps us ensure that our processes are always compliant with HIPAA’s Security and Privacy Rules. Let’s take a closer look at the three layers of our defense system.  

Layer # 1: IT Infrastructure 

Our IT Department understands cybersecurity is crucial to protect ePHI and considers it a top priority. Because of this, this department takes the following actions to ensure adequate protection of this information: 

Device protection  

All devices owned by Terra are administered and monitored through Microsoft Azure tools, which include observing for potential threats as well as tracking local user activity. Additionally, all of our connections are SSL (Security Socket Layer) encrypted and we are currently working on expanding our corporate VPN to all users for additional security. As a bonus, any activity logs generated by these tools can be analyzed on demand.  

Software and hardware monitoring 

We continuously monitor both software and hardware through Microsoft Intune, as well as the configuration and subsequent deployment of proprietary security policies. In order to provide maximum security to our clients, Terra hosts all information on our own secure on-premises server in Milwaukee, Wisconsin. This ensures that the information stays within our secure environments, enabling us to have more control over the management of information. 

Security 

To help enhance security, Terra utilizes Microsoft Defender for Endpoint to ensure security through MFA for all Active Directory users. Our team also has limited access to protected health information. They can only view what is necessary and individual access to ePHI is constantly logged. Additionally, all our devices containing protected health information are encrypted and have strong password protection. We frequently update these passwords to maintain their strength.  

When it comes to our internal and external communication, as well as the sharing and management of files, knowledge bases, and content in general, we use Office 365 Suite for seamless collaboration across the organization.  

Layer # 2: Our Team 

Just as crucial as the IT infrastructure, having a team of people behind it who know how to use the tools is as important—if not more. Here’s how we make sure our team has the tools, resources and knowledge to remain compliant: 

All team members with access to protected health information, from leaders to project managers, are trained on the HIPAA compliant procedures and processes in place so they can handle ePHI securely from initial reception to final client delivery. This includes HIPAA concepts, standards, and security and privacy measures. Every member that passes all the courses also receives an official certification from Total HIPAA and is required to sign a confidentiality agreement that protects patient privacy. We promote and encourage a culture of compliance. Because of this, every year, our team participates in additional training.  

Documents that contain ePHI and require translation services are carefully assigned to linguists who are both experts in the healthcare field and are also trained in HIPAA compliance. To evaluate their knowledge, we created an internal test that they must pass to demonstrate their ability to properly handle the documents with the utmost care. These linguists are not able to download the ePHI to their own devices and always work within secure environments. 

Layer # 3: Our Privacy Officer 

Having the right team in place makes all the difference. Our Privacy Officer, Matías Giannoni, oversees the development, implementation, maintenance and adherence to the procedure regarding the safe handling of ePHI in compliance with HIPAA regulations. Matías acts as a liaison to the IT Department to ensure privacy and security practices are implemented. He guides the training of our team, addresses any concerns individuals may have, and promptly analyzes if actions should be taken.  

A Commitment to Risk Assessment, Mitigation and Continuous Improvement  

Maintaining confidentiality, document control, and client trust are vital to Terra. This commitment is illustrated by the entire Terra team executing risk assessments on a yearly basis under the most stringent guidelines and practices to preserve the security of all private information entrusted to us.  

Our journey towards maintaining privacy is always evolving as HIPAA regulations are subject to change. As a result, we continuously improve our policies and procedures to stay up to date. 

The post Building a Digital Fortress for ePHI: A Three-Layer Defense System appeared first on Terra Translations.