Understanding HIPAA Compliance For Any Healthcare Provider

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) applies to any healthcare provider, health plan, and clearing house that electronically maintains or transmits health information pertaining to individuals. HIPAA was designed to promote healthcare standards for patient confidentiality, provide an incentive for electronic communications, create consist industry standards and the reduce administrative costs of healthcare. The Standards for the Security of Electronic Protected Health Information (the “Security Rule”) went into effect in April of 2006. The Security Rule requires health care providers, health plans and clearing houses to have data security standards in place.

The Security Rule and Data Backup

Many of the Security Rule’s standards apply to the backup of data. Health care providers, health plans and clearing houses must have a contingency plan that will:

Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

This contingency plan must include a data backup plan, a disaster recovery plan, and emergency mode operation plan. They must also have certain physical safeguards, such as facility access controls. The Security rule is further detailed through 18 technical standards and 36 implementation specifications not covered in this document.

HIPAA Technical Safeguards Required

Health care providers, health plans and clearing houses must also implement the following technical safeguards: Encrypt and decrypt electronic protected health information, limit access to electronic protected health information, put audit controls in place that record and examine activity in information systems that contain electronic protected health information, and implement technical security measures to guard against unauthorized access to electronic protected information that’s being transmitted over an electronic communications network.

What Health Care Providers Should Be Looking For From a Technical Service Provider:

1. Can you provide them with a complete end-to-end solution?

2. Do the offered solutions support technology upgrades?

3. Does the MSP/VAR understand the changing regulatory environment?

4. Technology changes quickly, so can MSPs/VARs stay one step ahead of the curve?

5. Can the MSP/VAR give support and assistance when needed?

6. Will the MSP/VAR stay involved over the long-term and look for opportunities to anticipate
future needs?

You can find more information about understanding HIPAA Compliance in our guide or contact us today.

Dale Shulmistra is a Business Continuity Specialist at Invenio IT, responsible for shaping the company’s technology initiatives -- selecting, designing, implementing & supporting business continuity solutions to bolster client operational efficiencies and eliminate downtime.