Protecting private patient information is crucial, especially in this day and age of online storage and transactions. As the media reports more and more healthcare-related security breaches, it may be time for you to find out if you need to be HIPAA Compliant. Designed to protect patients, HIPAA is required for many businesses that deal with private health data. While there is much more to HIPAA than the data center where your data is stored, Liquid Web can be an important part of your overall compliance with HIPAA standards. At Liquid Web, we provide the utmost in security with our compliant network solutions, physical and data security measures, highly available infrastructure, and 24/7/365 onsite HIPAA-trained staff. In combination with our recommended HIPAA Compliant hosting plans, we can help you achieve the compliance you need. So how do you know if you should become HIPAA Compliant? We’ve gathered some helpful information that might set you on the right track.
What is HIPAA anyway?
HIPAA, or the Health Insurance Portability & Accountability Act, is a strict set of regulations created in order to keep critical health information secure and confidential. This is especially important as many organizations that deal with patient health information store that data digitally. Recent large healthcare security breaches have only cemented the importance of HIPAA Compliance for your business and customers.
What kind of data is protected by HIPAA standards?
Any private medical data needs to remain confidential and secure, including but not limited to health records, patient charts, health insurance claim information, lab results, x-rays, and surgery documentation. HIPAA calls this data “ePHI,” or electronic protected health information.
What kind of businesses are required to comply with HIPAA?
The U.S. Department of Health & Human Services (HHS) has defined the businesses required to comply with HIPAA as “Covered Entities,” but only if they transmit any information in an electronic form in connection with a transaction for which HHS has developed a standard. Covered Entities include the following:
- Healthcare Providers - Including doctors’ offices, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies.
- Health Plans - Including health insurance companies, HMOs, company health plans, and government programs like Medicare and Medicaid.
- Healthcare Clearinghouses - Including businesses that process health information from another entity either from a non-standard form to a standard form, or vice versa.
In addition, HIPAA applies to any business working with a covered entity to carry out its health care activities. Liquid Web could be one such “Business Associate” or “Sub-Contractor Business Associate.” When a covered entity enlists a business associate like Liquid Web for assistance in storing health information, a Business Associate Agreement might be needed to lay out the responsibilities of each party. For more information on who is required to be HIPAA compliant, please see the HHS HIPAA website.
Why comply with HIPAA Standards?
These HIPAA standards exist to protect your patients’ confidentiality and privacy, ensuring your business has a trustworthy reputation. In addition, those that do not comply with the standards face being shut down and/or heavily fined. HIPAA’s standards are enforced through investigating complaints filed with the HHS and through conducting compliance reviews. While HIPAA Compliance can be a confusing thing to understand, our trained technicians can help you get on the road to achieving HIPAA Compliance for your business. Our carefully designed HIPAA Compliant hosting plans and our highly secure and compliant Data Centers, security, and networks take some of the weight off your shoulders. If you think your business needs to be HIPAA compliant, let us know how we can help.