Are you HIPAA Compliant?


Branch Technologies can perform a network and policy assessment of your practice to ensure HIPAA compliance. Once you are compliant, our remote monitoring tools will keep you up to date.

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), meaning anyone who provides treatment, payment and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center.

Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).

Technical safeguards require access control to allow only authorized users to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption.

Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.

Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.

Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.
