HIPAA Compliance
Loyal IT will never leave you questioning if your business is HIPAA Compliant. Our comprehensive security plan guarantees certainty.
Ensuring HIPAA Compliance takes time, personnel, and other valuable resources from your business. Loyal IT offers a comprehensive end-to-end, multi-layered solution providing a seamless implementation. It’s also timely, accurate, and headache-free. With Loyal IT, you can stop wondering if your compliance efforts are going to waste.
Let us provide you with peace of mind as we guide you and your business down the path of compliance. We will help you achieve confidence in knowing your patients and organization are protected.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It’s meant to protect sensitive patient data.
The act contains a “Privacy Rule” and a “Security Rule.” These rules pertain to electronic protected health information (e-PHI). They protect the privacy of and sets security standards for this data. These rules establish national standards for how companies working with sensitive patient data must protect its confidentiality, availability, and integrity.
HIPAA protects sensitive patient data by requiring companies that deal with protected health information (PHI) to ensure that all the required physical, network, and process security measures are implemented and followed.
The HIPAA Privacy Rule addresses the saving, accessing, and sharing of medical and personal information of any patient or individual.
The two groups that HIPAA applies to are covered entities (CE) and business associates (BA). Covered entities includes anyone who is providing treatment, payment, and operation in healthcare. Business associates applies to anyone with access to patient information, or anyone who provides support in treatment, payment, or operations.
Did you know that it isn’t only your business that must be HIPAA Compliant, but also the people you do business with?
Business associates of business associates, or subcontractors, must also be in compliance. Below are a few examples of both groups. For more information on covered entities and business associates, visit The Department of Health and Human Services (HHS).
Examples of Covered Entities:
- Doctors
- Dentists
- Pharmacies
- Health Insurance Companies
- Company Health Plans
Examples of Business Associates:
- CPA
- Attorney
- IT Providers
- Billing & Coding Services
- Laboratories
It is important to know who you are hosting your sensitive data with.
In fact, you’re required to host this data with a HIPAA-compliant hosting provider. This provider must have administrative, physical, and technical safeguards in place.
Physical Safeguards
This includes limited facility access and control with authorized access in place. All companies requiring HIPAA compliance must have policies about the use and access of company workstations and electronic media. These policies include the transferring, removing, disposing, and re-using of electronic media and electronic protected health information (ePHI).
Technical Safeguards
Technical safeguards require that only those authorized to access electronic protected health data have the authorization to access control. Access control includes:
- Conditional Access
- Data Loss Prevention (DLP)
- Incident Response
- Security Shaping
- Data Governance
- Encryption
- IT Controls Audits
It is also a rule that tracking logs or audit reports are kept for records of activity on hardware and software, which is helpful for locating the source if there is ever a security violation.
Technical Policies
The purpose of technical policies is to confirm that ePHI is not being altered or destroyed. Data backup solutions should always be in place to ensure that any electronic media errors can be fixed quickly and any patient health information can be recovered accurately and intact.
Network (or Transmission) Security
This safeguard is required to protect ePHI data from unauthorized public access. This includes all methods of transmitting data by email, Internet, private network, or cloud.