What is HIPAA Compliance?

To file a complaint for violation of your rights under HITECH or HIPAA, visit the Dept. of Health & Human Services website.

Otava’s white paper on HIPAA Compliance for cloud services is ideal for executives and IT decision-makers seeking a primer as well as up-to-date information regarding HIPAA compliance best practices and specific technology recommendations, including cloud-based HIPAA compliant hosting options.

Download the HIPAA Compliance white paper.

Read below for an excerpt about what is HIPAA compliance:

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone with access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

If you are hosting your data with a HIPAA compliant hosting provider, they must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. The physical and technical safeguards are most relevant to services provided by your HIPAA compliant host as listed below, with detail on what a HIPAA compliant data center is.

• Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).
• Technical safeguards require access control to allow only the authorized to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption.
• Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.
• Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact.
• Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

A supplemental act was passed in 2009 called The Health Information Technology for Economic and Clinical Health (HITECH) Act which supports the enforcement of HIPAA requirements by raising the penalties of health organizations that violate HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and increased use, storage and transmittal of electronic health information.

HIPAA compliance requirements continue to evolve and change, which is why it is important to stay up-to-date on all compliances, or partner with a Cloud Service Provider that bakes compliance into all of their solutions, like Otava. HIPAA requirements have progressively gotten stricter to more tightly protect sensitive and personal data handled in the healthcare industry. For this reason, navigating the hurdles to keep in compliance can often be a challenge.

Bottom Line:

If your business operates in healthcare or a related industry, chances are you will have to adhere to HIPAA compliance. HIPAA was established to give guidance and set expectations for businesses on how they can care for the privacy and protection of patient’s data. Without it, sensitive date could more easily be destroyed, or worse, fall into the wrong hands.

Let’s Get In Touch

Ready to proceed with HIPAA compliant cloud hosting services? Otava can help. Our experts are trained in HIPAA compliant processes, policies and procedures to ensure that when your data is in our cloud, it remains in accordance with federal law. Contact us to chat with someone now and learn more about what HIPPA compliance is and how it affects your business. We’ll be your trusted advisors to ensure you ace every audit.

GET IN TOUCH

Resources: U.S. Department of Health and Human Services.

Further HIPAA reading materials

What Is The HIPAA Security Rule? How can you be certain that your patients’ electronic health information is adequately protected? The HIPAA Security Rule was created to help you answer that question more confidently…(Keep Reading)

What Is The HIPAA Privacy Rule? Physicians are entrusted with some of the most intimate and personal information in a patient’s lifetime—account and identity information as well as health information. Patients expect that information…(Keep Reading)

HIPAA FAQ: Curious to learn more about meeting HIPAA compliance or understand what HIPAA specifically covers? Our FAQ has all the answers to everything you ever wanted to know about HIPAA, HITECH, penalties, audits and more. (Read More)

Who needs to be HIPAA Compliant: The HIPAA Security Rule applies to all health plans, healthcare clearinghouses, and to any healthcare provider who transmits protected health information (PHI) in electronic form, or electronic protected health information (ePHI). According to the U.S. Department of Health and Human Services, those that fall under this category are known…(Keep Reading)

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.