HIPAA Compliance

What is HIPAA Compliance?

HIPAA, the Health Insurance Portability and Accountability Act, sets the bar when it comes to protecting sensitive patient data. All companies that deal with protected health information (PHI) have to ensure that all the required physical, network, and process security measures are in place and followed.

HIPAA applies to Covered Entities (CEs), meaning anyone who provides treatment, payment, or operations in healthcare, and to Business Associates (BAs), meaning anyone with access to patient information who provides support in treatment, payment, or operations.

HIPAA Privacy Rule

This rule regulates and addresses the saving, accessing, and sharing of an individual's personal and medical information. It enables HIPAA to ensure that all such information is kept between the individual and the CE or BA.

HIPAA Security Rule

This rule outlines national standards for securing health data that is created, received, maintained, or transmitted electronically.

What Constitutes a HIPAA Compliant Data Center?

  • Physical Safeguards – include limited facility access and control, with authorized access in place. Every company that is HIPAA compliant must have policies about the use of and access to workstations and electronic media. This includes transferring, removing, disposing of, and re-using electronic media and electronic protected health information (ePHI).

  • Technical Safeguards – require access control so that only authorized users can access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log-off, and encryption and decryption.

  • Technical Policies – also cover integrity controls, meaning measures put in place to confirm that ePHI hasn't been altered or destroyed. IT disaster recovery and offsite backup are key to ensuring that any electronic media errors or failures can be quickly remedied and that patient health information can be recovered accurately and intact.

  • Network, or Transmission, Security – the last technical safeguard required of HIPAA compliant hosts, protecting against unauthorized public access to ePHI. This concerns all methods of transmitting data, whether by email, over the internet, or even over a private network, such as a private cloud.

What is HIPAA Compliant Email?

The HIPAA Privacy Rule created, for the first time, a set of national standards for safeguarding certain health information. It allows Covered Entities to disclose PHI to a Business Associate if they receive assurances that the Business Associate will use the information only within the scope for which it was engaged by the Covered Entity.

The HIPAA Security Rule was added to set out what safeguards must be in place to protect electronic PHI (ePHI), which is health information that is held or transferred in electronic form.

With regard to email, this means that covered entities are required to take reasonable steps to protect PHI on their own computers and while it is transmitted electronically, all the way to the recipient's inbox.

If you are using a third party to transmit or host PHI, they are required by law to sign a Business Associate Agreement (BAA) with you. The BAA establishes that certain administrative, physical and technical safeguards are in place.

While there is no certification that grants an email provider HIPAA compliant email status, meeting the requirements set by the HIPAA Privacy and Security Rules is the best place to start, along with strong technical security measures to make sure PHI is protected from inbox to inbox.

The Business Associate Agreement (BAA) has 10 provisions that must be covered:

  1. Determine the amount of protected health information (PHI) the Business Associate is allowed to disclose.
  2. Assure that the Business Associate will not use or release PHI other than as required by the contract or by law.
  3. Require the Business Associate to use appropriate safeguards to prevent unauthorized access to PHI. This is especially important when it comes to electronic protected health information, or ePHI. The Business Associate must make sure high encryption standards are always in place and that hackers do not penetrate its systems.
  4. Compel the Business Associate to report to the covered entity any data breaches of unsecured protected health information.
  5. Make sure the Business Associate releases protected health information when a patient asks for it.
  6. Define which components of the HIPAA Privacy Rule the Business Associate is responsible for and make sure it complies with those requirements.
  7. Require the Business Associate to make its internal practices, books, and records available to the U.S. Department of Health and Human Services.
  8. At termination of the contract, require the Business Associate to return or delete all protected health information it received from the covered entity.
  9. If a Business Associate uses subcontractors that have access to protected health information, the BA must make sure those subcontractors also sign a Business Associate Agreement.
  10. Allow the covered entity to terminate the agreement if the Business Associate violates a material term of the contract.

Should You Be HIPAA Compliant?

If your business is within the medical field and involves many patients giving medical and personal information to you, then yes.

In 2009 a supplemental act was passed, the Health Information Technology for Economic and Clinical Health (HITECH) Act, which supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules mentioned above.

Health information has become more and more prone to attacks and has been breached on multiple occasions. It is extremely sensitive because just about anyone can profit from it. HIPAA Compliance is therefore extremely important in today's medical field, and we strongly urge any medical facility not meeting HIPAA guidelines to give us a call.

Protect your patients, save yourself from a hefty penalty, and let's get to business.

Areas we service: HIPAA in Wheeling, Buffalo Grove, Arlington Heights, Northbrook, Prospect Heights, Des Plaines, Schaumburg, Chicago, Lincolnshire, Glenview, Niles, Lake Bluff, Glencoe, Winnetka, Wilmette, Evanston, Barrington, and Palatine.