Are you HIPAA Compliant?


Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once you are compliant, our remote monitoring tools will keep you up to date.

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), meaning anyone who provides treatment, payment and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.

Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).

Technical safeguards require access control to allow only authorized persons to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.

Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.
