Are you HIPAA Compliant?

hipaa_blue

Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once compliant our remote monitoring tools will keep you up to date.

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone with access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.

Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).
Technical safeguards require access control to allow only the authorized to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.

Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

A supplemental act was passed in 2009 called The Health Information Technology for Economic and Clinical Health (HITECH) Act which supports the enforcement of HIPAA requirements by raising the penalties of health organizations that violate HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and increased use, storage and transmittal of electronic health information.

RSS HIPAA News

  • This RSS feed URL is deprecated June 19, 2018
    This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news
  • At least 12 Washington Health System employees suspended following alleged HIPAA violation - Becker's Hospital Review June 19, 2018
    At least 12 Washington Health System employees suspended following alleged HIPAA violationBecker's Hospital ReviewThe Observer-Reporter reports the employees may have violated HIPAA by accessing patient records that may have been related to the death of employee Kimberly Dollard, 57, who died June 6 after a vehicle careened into the side of the health system's ...
  • Judge Upholds $4.3M Fines against MD Anderson for HIPAA Violations - HealthITSecurity.com June 19, 2018
    HealthITSecurity.comJudge Upholds $4.3M Fines against MD Anderson for HIPAA ViolationsHealthITSecurity.comOCR accused MD Anderson of violating the HIPAA Privacy and Security Rules in failing to encrypt its inventory of devices that handled and held electronic protected health information (ePHI). This failure lead to the exposure of ePHI on more than 33,500 ...MD Anderson fined $4.3M for HIPAA […]
  • MD Anderson slapped with $4.3M penalty for HIPAA violations - Becker's Hospital Review June 19, 2018
    MD Anderson slapped with $4.3M penalty for HIPAA violationsBecker's Hospital ReviewAn HHS administrative law judge upheld an HHS Office for Civil Rights finding requiring the University of Texas MD Anderson Cancer Center in Houston to pay $4,348,000 in civil penalties for HIPAA violations related to the organization's encryption ...
  • United States: HIPAA Tips From The Trenches - Mondaq News Alerts June 19, 2018
    United States: HIPAA Tips From The TrenchesMondaq News AlertsThe panelists all described the importance of conducting HIPAA risk assessments, with one pointing out that nearly all of OCR's disciplinary actions reference a failure to conduct an adequate risk assessment. The panelist recommended the National ...
  • MD Anderson Ordered to Pay $4.3M HIPAA Fine - HealthLeaders Media June 19, 2018
    FierceHealthcareMD Anderson Ordered to Pay $4.3M HIPAA FineHealthLeaders MediaA judge affirmed a fine HHS issued last year over the Texas cancer center's use of unencrypted devices. The University of Texas MD Anderson Cancer Center must pay more than $4.3 million in fines for its failure to guard the protected health information ...Judge upholds $4.3M HIPAA […]
  • LabCorp Shakes HIPAA Suit Over Data Intake Station Setup - Law360 June 19, 2018
    LabCorp Shakes HIPAA Suit Over Data Intake Station SetupLaw360Law360 (June 18, 2018, 9:30 PM EDT) -- A D.C. federal judge on Friday axed a suit that accused Laboratory Corporation of America of violating the Health Insurance Portability and Accountability Act by failing to adequately shield its computer intake ...
  • Texas Cancer Center Owes $4.3M For HIPAA Failings - Law360 June 18, 2018
    Texas Cancer Center Owes $4.3M For HIPAA FailingsLaw360Law360 (June 18, 2018, 7:42 PM EDT) -- A U.S. Department of Health and Human Services administrative law judge has ordered a Texas-based cancer hospital to pay a $4.3 million penalty for three data breaches that exposed the personal health ...
  • HIPAA Compliance for Small Healthcare Providers - ResearchAndMarkets.com - Business Wire (press release) June 18, 2018
    HIPAA Compliance for Small Healthcare Providers - ResearchAndMarkets.comBusiness Wire (press release)Being in compliance with HIPAA involves not only ensuring that you provide the appropriate patient rights and controls on your uses and disclosures of Protected Health Information; but that you also have the proper policies and procedures in place. If ...and more »
  • Sage Intacct Boosts HIPAA, GDPR Capabilities Of Its Cloud Financial Management Apps - CRN June 18, 2018
    Sage Intacct Boosts HIPAA, GDPR Capabilities Of Its Cloud Financial Management AppsCRNThe new 2018 Release 2 edition also offers increased support to meet Health Insurance Portability Accountability Act (HIPAA) and the European Union General Data Protection Regulation (GDPR) requirements. "We continue to invest in adding capabilities ...