Are you HIPAA Compliant?
Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once you are compliant, our remote monitoring tools will keep you up to date.
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
This includes covered entities (CE), anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.
The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).
If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.
Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).
Technical safeguards require access control so that only authorized persons can access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic logoff, and encryption and decryption.
Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.
Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.
Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.
A supplemental act passed in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act, supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.