Are you HIPAA Compliant?


Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once compliant our remote monitoring tools will keep you up to date.

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone with access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.

Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).
Technical safeguards require access control to allow only the authorized to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.

Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

A supplemental act was passed in 2009 called The Health Information Technology for Economic and Clinical Health (HITECH) Act which supports the enforcement of HIPAA requirements by raising the penalties of health organizations that violate HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and increased use, storage and transmittal of electronic health information.


  • This RSS feed URL is deprecated August 16, 2018
    This RSS feed URL is deprecated, please update. New URLs can be found in the footers at
  • County may extend HIPAA contract - Clinton Herald August 15, 2018
    County may extend HIPAA contractClinton HeraldSrp said the use of Carosh Compliance Solutions was an opportunity for the county to catch up, evaluate, bring the county current and provide training for HIPAA. He added the creation of the Human Resources director position was thought to have the ...
  • HIPAA through the years: 5 biggest fines since 2008 - Becker's Hospital Review August 14, 2018
    HealthITSecurity.comHIPAA through the years: 5 biggest fines since 2008Becker's Hospital ReviewSigned into law in 1996, HIPAA establishes a set of safeguards that covered entities and business associates must abide by to protect patient data. Failure to adequately secure this information could result in criminal prosecution or a civil fine ...OCR Levies Close to $80M in […]
  • pMD Undergoes SOC 2 and HIPAA Security Audit | Markets Insider - Markets Insider August 14, 2018
    pMD Undergoes SOC 2 and HIPAA Security Audit | Markets InsiderMarkets InsiderSAN FRANCISCO, Aug. 14, 2018 /PRNewswire/ -- This year, pMD, the innovation leader in health care technology, is pleased to announce that it has ...pMD Undergoes SOC 2 and HIPAA Security AuditBenzingaFrequently Asked Questions About the AICPAaicpapMD Blog - We're Serious About Security. But, You […]
  • Oklahoma Government in Row Over Alleged HIPAA Violation - August 13, 2018
    HealthITSecurity.comOklahoma Government in Row Over Alleged HIPAA ViolationHealthITSecurity.comIn a letter to Republican Governor Mary Fallin, three Democratic state lawmakers argued that the decision to allow access to medical records using smartphones was a “direct violation of federal HIPAA regulations,” The Oklahoman reported Aug. 8.State investigation finds Veterans Affairs didn't violate medical privacy laws with cellphone […]
  • HIPAA Security Rule Turns 20: It's Time for a Facelift - August 12, 2018
    BankInfoSecurity.comHIPAA Security Rule Turns 20: It's Time for a FaceliftBankInfoSecurity.comThe HIPAA security rule made its debut 20 years ago, and it's time for a refresh to reflect the changing cyberthreat landscape and technological evolution that's taken place over the past two decades, says security expert Tom Walsh.
  • State lawmakers allege Veterans Affairs committed HIPAA violation; director calls that 'unfathomable' - August 8, 2018
    NewsOK.comState lawmakers allege Veterans Affairs committed HIPAA violation; director calls that 'unfathomable'“This is a direct violation of federal HIPAA (Health Insurance Portability and Accountability Act) regulations,” the legislators told Fallin. They say the alleged HIPAA violation “could jeopardize the millions of federal funding dollars coming to our ...and more »
  • HHS mulls changes to HIPAA - Becker's Hospital Review August 2, 2018
    HHS mulls changes to HIPAABecker's Hospital ReviewHHS is considering changes to the way substance abuse and mental health information is protected under HIPAA, GovInfoSecurity reports. HHS Secretary Alex Azar, during a July 26 speech to the conservative think tank Heritage Foundation, said the agency ...
  • HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2 - August 1, 2018
    HealthITSecurity.comHHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2HealthITSecurity.comMajor changes to HIPAA rules last occurred back in 2013 when HHS issued the Omnibus Final Rule implementing the HITECH Act of 2009. Among the many changes made in that rule, business associates were required for the first time to comply the HIPAA ...
  • OCR issuing fewer HIPAA penalties in 2018, report suggests - Becker's Hospital Review July 31, 2018
    OCR issuing fewer HIPAA penalties in 2018, report suggestsBecker's Hospital ReviewThe HHS Office for Civil Rights is on track to impose significantly fewer HIPAA settlement fines in 2018 than the agency has in previous years, according to a report from the law firm Gibson Dunn. The July 26 report is a mid-year review of healthcare ...