Loyal IT will never leave you questioning if your business is HIPAA Compliant. Our comprehensive security plan guarantees certainty.
Ensuring HIPAA Compliance takes time, personnel, and other valuable resources from your business. Loyal IT offers a comprehensive end-to-end, multi-layered solution providing a seamless implementation. It’s also timely, accurate, and headache-free. With Loyal IT, you can stop wondering if your compliance efforts are going to waste.
Let us provide you with peace of mind as we guide you and your business down the path of compliance. We will help you achieve confidence in knowing your patients and organization are protected.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It’s meant to protect sensitive patient data.
The act contains a “Privacy Rule” and a “Security Rule.” These rules pertain to electronic protected health information (ePHI). They protect the privacy of and set security standards for this data. These rules establish national standards for how companies working with sensitive patient data must protect its confidentiality, availability, and integrity.
HIPAA protects sensitive patient data by requiring companies that deal with protected health information (PHI) to ensure that all the required physical, network, and process security measures are implemented and followed.
The HIPAA Privacy Rule addresses the saving, accessing, and sharing of medical and personal information of any patient or individual.
The two groups that HIPAA applies to are covered entities (CE) and business associates (BA). Covered entities include anyone who is providing treatment, payment, and operations in healthcare. Business associates include anyone with access to patient information, or anyone who provides support in treatment, payment, or operations.
Did you know that it isn’t only your business that must be HIPAA Compliant, but also the people you do business with?
Business associates of business associates, or subcontractors, must also be in compliance. Below are a few examples of both groups. For more information on covered entities and business associates, visit the Department of Health and Human Services (HHS).
Examples of Covered Entities:
- Health Insurance Companies
- Company Health Plans
Examples of Business Associates:
- IT Providers
- Billing & Coding Services
It is important to know who you are hosting your sensitive data with.
In fact, you’re required to host this data with a HIPAA-compliant hosting provider. This provider must have administrative, physical, and technical safeguards in place.
This includes limited facility access and control with authorized access in place. All companies requiring HIPAA compliance must have policies about the use and access of company workstations and electronic media. These policies include the transferring, removing, disposing, and re-using of electronic media and electronic protected health information (ePHI).
Technical safeguards require access control, so that only those authorized can access electronic protected health data. Access control includes:
- Conditional Access
- Data Loss Prevention (DLP)
- Incident Response
- Security Shaping
- Data Governance
- IT Controls Audits
Tracking logs or audit reports must also be kept as records of activity on hardware and software, which helps locate the source if there is ever a security violation.
The purpose of technical policies is to confirm that ePHI is not being altered or destroyed. Data backup solutions should always be in place to ensure that any electronic media errors can be fixed quickly and any patient health information can be recovered accurately and intact.
Network (or Transmission) Security
This safeguard is required to protect ePHI data from unauthorized public access. This includes all methods of transmitting data by email, Internet, private network, or cloud.
What Our Clients Are Saying
Loyal IT and the entire team there have been partners in our success. From the time they began working with us we saw immediate improvement in functionality, reliability, and overall stability of our operating platform. In an independent cyber-security audit, Loyal IT helped our company achieve a better score than most companies significantly larger than ours. We appreciate that we have accomplished all of this within a reasonable budget and on a timeline that worked for us. The best compliment I can give Loyal IT is that I do not often have to think about our operating platform but am able to focus on running our own business.
Chief Financial Officer
Publicly-traded Real Estate Investment Trust, Client Since 2014
I think Loyal IT is a wonderful and reliable service provider. They have a very courteous and knowledgeable staff. Our organization contemplated hiring a full-time engineer to manage our servers and computers. I am glad we picked Loyal IT to handle the job. Proud customer since 2006.
Vice President of Finance & Administration
Association with 6 branch locations, 600 Employees, Loyal IT Client since 2006
Our church has been a customer since 2001. Loyal IT was able to assess our needs as we grew as a parish and provide the service we have come to expect. Not only do you receive service during the sale but long after the equipment has been installed. We are very pleased with all the decisions Loyal IT helped us make.
Non-Profit Serving Over 5500 Families, Loyal IT Client since 2001
Loyal IT has been taking care of the computers in our offices for several years. They understand the true meaning of service. When I need them to take care of something, they do it fast and they do it right. Thank you Loyal IT!