Are you HIPAA Compliant?


Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once you are compliant, our remote monitoring tools will keep you up to date.

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.

Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).

Technical safeguards require access control to allow only authorized users to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.

Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.
