What is HIPAA Compliance?
HIPAA is the Health Insurance Portability and Accountability Act, the US law that sets the bar for protecting sensitive patient data; HIPAA compliance means meeting its requirements. Every organization that handles protected health information (PHI) must ensure that all of the required physical, network, and process security measures are in place and followed.
HIPAA applies to two groups: Covered Entities (CEs), which are the organizations that provide treatment, payment, or operations in healthcare, and Business Associates (BAs), which are the vendors and other parties that have access to patient information while supporting a CE's treatment, payment, or operations.
HIPAA Privacy Rule
This rule governs how an individual's personal and medical information may be stored, accessed, and shared. It restricts the use and disclosure of PHI so that the information stays between the individual and the CE or BA that is authorized to handle it.
HIPAA Security Rule
This rule sets national security standards for protecting health data that is created, received, maintained, or transmitted in electronic form (ePHI).
What Constitutes a HIPAA Compliant Data Center?
- Physical Safeguards – include limited facility access and control, with access granted only to authorized personnel. Every HIPAA-compliant company must have policies covering the use of and access to workstations and electronic media, including transferring, removing, disposing of, and re-using electronic media and the electronic protected health information (ePHI) it holds.
- Technical Safeguards – require access controls so that only authorized users can reach electronic protected health data. Access control includes unique user IDs, an emergency access procedure, automatic log-off, and encryption and decryption.
- Technical Policies – also cover integrity controls, meaning measures put in place to confirm that ePHI has not been altered or destroyed. IT disaster recovery and offsite backup are key to ensuring that any electronic media error or failure can be quickly remedied and that patient health information can be recovered accurately and intact.
- Network, or Transmission, Security – the last technical safeguard required of HIPAA-compliant hosts, protecting ePHI against unauthorized access while in transit. This covers every method of transmitting data, whether by email, over the internet, or even over a private network such as a private cloud.
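To make the technical safeguards in the list above concrete, here is an added example (not from the original page and not an official HIPAA artifact) in Python using only the standard library. It demonstrates four of the named controls on a constructed sample: unique user IDs checked against an access list, automatic log-off of an idle session, an audited emergency (break-glass) access procedure, and an HMAC-based integrity control that refuses to return an ePHI record that has been altered. The user IDs, record ID, access list, the sample record contents and the 15-minute idle timeout are all assumptions chosen for illustration; a real deployment would take the key from a KMS/HSM and would add authenticated encryption for confidentiality, which this example does not provide.

```python
"""Added example: unique user IDs, automatic log-off, emergency access and an
integrity control over an ePHI record. Illustrative only, not from the page."""
import hashlib
import hmac
import os
from dataclasses import dataclass

TAG_LEN = 32                    # HMAC-SHA256 output length in bytes
IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed policy value for automatic log-off


def seal_record(record: bytes, key: bytes) -> bytes:
    """Integrity control: append HMAC-SHA256(key, record) so later tampering is
    detectable. This detects alteration only; it does not encrypt the record."""
    return record + hmac.new(key, record, hashlib.sha256).digest()


def open_record(sealed: bytes, key: bytes) -> bytes:
    """Verify the tag in constant time and refuse to return ePHI that fails."""
    if len(sealed) < TAG_LEN:
        raise ValueError("ePHI integrity check failed: truncated record")
    record, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ePHI integrity check failed: record altered")
    return record


@dataclass
class Session:
    user_id: str             # unique user ID; shared accounts are not allowed
    last_activity: float     # epoch seconds of the last request on this session
    emergency: bool = False  # set by the emergency access (break-glass) procedure


# Constructed sample access list: record ID -> unique user IDs allowed to read it
ACL = {"record-001": {"dr.lee", "nurse.kim"}}


def check_access(session: Session, record_id: str, now: float, audit_log: list,
                 idle_timeout: float = IDLE_TIMEOUT_SECONDS) -> str:
    """Return 'logged_off', 'allowed', 'allowed_emergency' or 'denied'.
    Every decision is appended to audit_log so emergency use can be reviewed."""
    if now - session.last_activity > idle_timeout:
        audit_log.append((now, session.user_id, record_id, "auto-logoff"))
        return "logged_off"
    session.last_activity = now
    if session.user_id in ACL.get(record_id, set()):
        audit_log.append((now, session.user_id, record_id, "allowed"))
        return "allowed"
    if session.emergency:
        # Emergency access: grant, but flag it loudly for after-the-fact review
        audit_log.append((now, session.user_id, record_id, "EMERGENCY-ACCESS"))
        return "allowed_emergency"
    audit_log.append((now, session.user_id, record_id, "denied"))
    return "denied"


def demo() -> dict:
    """Run the controls on constructed data and return the outcomes."""
    key = os.urandom(32)  # assumption: in production this comes from a KMS/HSM
    record = b'{"patient":"P-1001","dx":"E11.9"}'  # constructed sample ePHI
    sealed = seal_record(record, key)
    # Flip one bit inside the record body to simulate alteration at rest
    tampered = sealed[:20] + bytes([sealed[20] ^ 0x01]) + sealed[21:]
    try:
        open_record(tampered, key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    audit = []
    t0 = 1_700_000_000.0
    return {
        "intact_roundtrip": open_record(sealed, key) == record,
        "tamper_detected": tamper_detected,
        "active_session": check_access(Session("dr.lee", t0), "record-001", t0 + 60, audit),
        "idle_session": check_access(Session("dr.lee", t0), "record-001", t0 + 2000, audit),
        "unauthorized": check_access(Session("billing.ray", t0), "record-001", t0 + 1, audit),
        "break_glass": check_access(Session("billing.ray", t0, emergency=True),
                                    "record-001", t0 + 1, audit),
        "audit_entries": len(audit),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The break-glass path deliberately grants access to a user who is not on the access list but records an "EMERGENCY-ACCESS" audit entry; the point of the emergency access procedure is that it is available and reviewable, not that it is silent. The HMAC check uses `hmac.compare_digest` so that tag verification does not leak timing information.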
Should You Be HIPAA Compliant?
If you run any business in the medical field that collects medical and personal information from patients, or you support such a business and have access to that information, then yes.
In 2009 a supplemental act was passed, the Health Information Technology for Economic and Clinical Health (HITECH) Act, which strengthens the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules described above.
Health information is an increasingly frequent target of attack and has been breached on many occasions. It is extremely sensitive because just about anyone who obtains it can profit from it. HIPAA compliance is therefore extremely important in today's medical field, and we strongly urge any medical facility that is not meeting HIPAA guidelines to give us a call.
Protect your patients, save yourself from a hefty penalty, and let's get to business.