Are you HIPAA Compliant?
Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once you are compliant, our remote monitoring tools will keep you up to date.
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
This includes covered entities (CE), meaning anyone who provides treatment, payment and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.
The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national standards for securing health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).
If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.
Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).
Technical safeguards require access control so that only authorized users can access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic logoff, and encryption and decryption.
Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.
Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.
Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.
A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.