What Is HIPAA Compliance
HIPAA (the Health Insurance Portability and Accountability Act) is United States legislation passed in 1996. Among other things, it introduced data privacy and security provisions for safeguarding medical information.
HIPAA sets a standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that the required physical, technical, network and process security measures are in place and actually followed, so that a breach of that information is prevented.
What’s the penalty for noncompliance with HIPAA, or for a violation? $100 to $50,000 per violation, with a maximum penalty of $1.5 million per year for violations of an identical provision. Ouch! It would be a lot easier not to have to worry about that and simply work with an IT firm that specializes in HIPAA compliance. (Plug: IPSOFACTO IT Services.)
Any business that provides treatment, payment or operations in healthcare, and any associated business that has access to that patient information and supports treatment, payment or operations, must be in compliance. This includes any subcontractors or business associates.
That’s a lot of “T’s” to cross and “I’s” to dot in order to ensure data and technology is protected and secure for everyone.
According to the U.S. Department of Health and Human Services, if you host or handle any sort of medical data, patient information or sensitive healthcare information, you must have specific administrative, physical and technical safeguards in place.
- Physical Safeguards include limited facility access and control, with authorized access procedures in place. All covered entities (companies that must be HIPAA compliant) must have policies about the use of, and access to, workstations and electronic media. This includes transferring, removing, disposing of and re-using electronic media that holds electronic protected health information (ePHI).
- Technical Safeguards require access control so that only authorized persons can access electronic protected health data. Access control includes unique user IDs, an emergency access procedure, automatic log-off, and encryption and decryption.
- Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful for pinpointing the source or cause of any security violation.
- Technical policies should also cover integrity controls: measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensuring that any electronic media error or failure can be quickly remedied and patient health information recovered accurately and intact.
- Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts, to protect ePHI against unauthorized access while it is in transit. This covers every method of transmitting data, whether by email, over the Internet, or even over a private network such as a private cloud.
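The technical safeguards above are stated as requirements rather than as code, so here is an added example (not from the original page or from IPSOFACTO) showing how three of them fit together in one small ePHI store: per-record access control keyed by unique user ID, a logged "break-glass" emergency access path, an HMAC-SHA256 integrity tag that is checked on every read, and an audit trail that records who did what and whether it succeeded. The store, the key, the user names and the patient record are all constructed for illustration; a real deployment would keep the integrity key in a KMS or HSM rather than in the source file.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, List, Set, Tuple

# Hypothetical integrity key for the demo only. In production it lives in a
# KMS/HSM, never beside the records it protects.
INTEGRITY_KEY = b"example-only-integrity-key-not-for-production"


class IntegrityError(Exception):
    """Raised when a stored ePHI record no longer matches its integrity tag."""


def integrity_tag(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the record.

    Sorted keys and no whitespace make the tag depend only on the record's
    content, not on dict ordering or formatting.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class EphiStore:
    """Toy ePHI store: per-record ACL, break-glass access, tamper detection
    on read, and an append-only audit log keyed by unique user ID."""

    def __init__(self, key: bytes = INTEGRITY_KEY) -> None:
        self._key = key
        self._records: Dict[str, Tuple[dict, str]] = {}   # id -> (record, tag)
        self._acl: Dict[str, Set[str]] = {}                # id -> allowed user IDs
        self.audit_log: List[dict] = []

    def _audit(self, user_id: str, action: str, record_id: str, outcome: str, **extra) -> None:
        entry = {"ts": time.time(), "user": user_id, "action": action,
                 "record": record_id, "outcome": outcome}
        entry.update(extra)
        self.audit_log.append(entry)

    def put(self, user_id: str, record_id: str, record: dict, allowed_users: Set[str]) -> None:
        self._records[record_id] = (dict(record), integrity_tag(record, self._key))
        self._acl[record_id] = set(allowed_users) | {user_id}
        self._audit(user_id, "write", record_id, "ok")

    def get(self, user_id: str, record_id: str, emergency: bool = False) -> dict:
        if record_id not in self._records:
            self._audit(user_id, "read", record_id, "denied", reason="no such record")
            raise KeyError(record_id)
        if user_id not in self._acl[record_id] and not emergency:
            self._audit(user_id, "read", record_id, "denied", reason="not authorized")
            raise PermissionError(f"{user_id} may not read {record_id}")
        record, tag = self._records[record_id]
        # Integrity control: recompute the tag and compare in constant time.
        if not hmac.compare_digest(tag, integrity_tag(record, self._key)):
            self._audit(user_id, "read", record_id, "integrity_failure")
            raise IntegrityError(record_id)
        self._audit(user_id, "read", record_id, "ok", emergency=emergency)
        return dict(record)

    def raw_record(self, record_id: str) -> dict:
        """Expose the stored dict so the demo can simulate tampering below the API."""
        return self._records[record_id][0]


def demo() -> dict:
    """Exercise each safeguard and return what happened (used by the checks below)."""
    store = EphiStore()
    store.put("dr.ahmed", "pt-1001", {"name": "A. Patient", "dx": "J45.20"}, {"nurse.lee"})
    results = {}
    results["authorized"] = store.get("nurse.lee", "pt-1001")["dx"]
    try:
        store.get("billing.kim", "pt-1001")
        results["unauthorized"] = "allowed"
    except PermissionError:
        results["unauthorized"] = "denied"
    # Emergency access procedure: granted, but flagged in the audit log.
    results["break_glass"] = store.get("er.doc", "pt-1001", emergency=True)["dx"]
    # Simulate a change made underneath the application (e.g. direct DB edit).
    store.raw_record("pt-1001")["dx"] = "Z00.00"
    try:
        store.get("nurse.lee", "pt-1001")
        results["tampered"] = "undetected"
    except IntegrityError:
        results["tampered"] = "detected"
    results["emergency_reads"] = sum(1 for e in store.audit_log if e.get("emergency"))
    results["denied"] = sum(1 for e in store.audit_log if e["outcome"] == "denied")
    results["integrity_failures"] = sum(1 for e in store.audit_log if e["outcome"] == "integrity_failure")
    results["audit_entries"] = len(store.audit_log)
    return results
```

The point of the demo is the audit trail: every denied read, every break-glass read and every integrity failure leaves an entry with a unique user ID, which is exactly what an investigator needs to pinpoint the source of a violation. Encryption at rest and in transit are deliberately left out here; they are separate controls and would normally be handled by the database and TLS layer rather than application code.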
A supplemental act was passed in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act, which strengthens enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA privacy and security rules.
The HITECH Act was a response to the continued growth and advancement of health technology and the increased use, storage and transmission of electronic health information.
Needless to say, in today’s high-tech, digital world, security and privacy are just as important as the mobility and convenience these technologies provide. If you run a business that deals with sensitive medical information and needs to be HIPAA Compliant In San Francisco, you’ll want a partner that is certified and knows the ins and outs of the rigorous requirements, so you can be 100% compliant and worry free: IPSOFACTO IT Services.