The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.
At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.
Dealing with any sort of company information is always a sensitive area, and when storing thousands of patients’ medical histories it becomes even more so. With much more scrutiny on where information is being stored, it’s important to know exactly what you’re responsible for and what security measures are required to be HIPAA compliant.
As I’m sure anyone in the health care field knows, HIPAA is a roadblock when it comes to the transfer of a person’s health information. The idea of not being in constant sight or reach of your data is scary when there is an entire act revolving around the storage of your information.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. In 2003, the HIPAA Privacy Rule was passed, which created national standards to protect individuals’ medical records and other personal health information.
Within HIPAA there are three categories of entities that are required to comply with the security regulations:
"Covered Entities." (Example: health insurance companies, clearinghouses, health care providers, etc. that transmit health information in electronic form.)
"Business Associates who serve Covered Entities." (Example: billing, claims processing, etc. A company or individual whose services involve the use or disclosure of individually identifiable health information.)
Needs to comply with HIPAA, and the services offered by cloud storage vendors fall within the Final Security Rule. So it is important to choose a cloud storage vendor that understands and offers a secure storage solution.
It’s important to understand where your company fits in, and what you need to follow in order to remain HIPAA compliant. Try creating a checklist of everything you need to do; this will help you decide if a provider is right for your needs. To help get you started, we’ve created a list of five of the most important items you need to have in order to remain compliant.
1. Unique User Identification: Assign a unique name and/or number for identifying and tracking user identity.
2. Transmission Security: Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
3. Facility Security: Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
4. Contingency Plans: Ensure there are accessible backups of ePHI and that there are procedures for restoring any lost data.
5. Risk Analysis: Perform and document a risk analysis to see where PHI is being used and stored and to determine all the possible ways HIPAA could be violated.
Hopefully, these five important items will help to get you started on your path to becoming compliant in the cloud.