Software Developers are in high demand in the healthcare industry, where organizations are working on everything from web and mobile applications to blockchain and AI. While the space can be an incredibly fulfilling place to make a career move, Software Developers need to keep in mind that there is a layer of security related to HIPAA compliance that is important for them to understand and eventually master.
HIPAA (the Health Insurance Portability and Accountability Act of 1996) “is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.” – CDC.gov
HIPAA rules apply to all parties working on projects in the healthcare space including subcontractors, cloud providers, etc.
Title II of HIPAA, namely its Privacy Rule and Security Rule, is especially relevant to Software Developers.
The HIPAA Privacy Rule addresses “the use and disclosure of individuals’ health information (known as ‘protected health information’) by entities subject to the Privacy Rule.” – CDC.gov
The HIPAA Security Rule applies to a subset of that information: all “individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form,” otherwise known as e-PHI (electronic protected health information).
To comply with the HIPAA Security Rule, entities must:
- Ensure the confidentiality, integrity, and availability of all electronic protected health information
- Detect and safeguard against anticipated threats to the security of the information
- Protect against anticipated impermissible uses or disclosures
- Certify compliance by their workforce
The Security Rule requires technical, physical, and administrative safeguards to be in place for an entity to be compliant. A technical safeguard is technology that protects PHI and controls access to it, including things like access and audit controls. Physical safeguards address physical access to PHI, such as workstation security and device controls. Administrative safeguards are policies and procedures that dictate a workforce’s conduct and the security used to protect ePHI; these include risk analysis and risk management, information access management, and contingency planning, among other subjects.
While this isn’t an exhaustive list of the requirements of HIPAA compliance, it’s important that Software Developers who are considering a job in the healthcare industry understand that adhering to HIPAA requirements is paramount to their success.
If you’re interested in a career in the healthcare IT field, reach out to one of Whitridge’s talented Healthcare IT Recruiters today. Our clients come to us to match your professional skills with their corporate objectives, and we are constantly getting new roles in the industry. Our team of Healthcare IT Recruiters is consultant-focused, and we will work with you to stay on the cutting edge of the ever-evolving requirements of your position.
This blog post was written by Danielle Larson, Talent Acquisition & Engagement Specialist