Are you HIPAA Compliant?


Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once you are compliant, our remote monitoring tools will keep you up to date.

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), meaning anyone who provides treatment, payment and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.

Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).

Technical safeguards require access control to allow only authorized users to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.

Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.
