The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) combine to implement strict requirements for all health providers when dealing with patient privacy and the security of protected health information (PHI). Security breaches can result in severe fines or even jail time.
Use of electronic health records (EHR) more than tripled from 2001 to 2011. As more hospitals, pharmacists, doctors and other health providers switch from paper/physical records to EHR, they must comply with new security measures as implemented by HIPAA and HITECH. Many health organizations are also migrating to the cloud for convenient storage and hosting of ePHI and EHR systems. When choosing a cloud provider, it is more important than ever to select a fully compliant and secure facility.
What does HIPAA mean for health providers' IT departments?
HIPAA and HITECH are designed to protect "individually identifiable health information", which is anything that can be tied to an individual, including names, social security numbers, etc. This information must be secured if it is (1) transmitted by electronic media, (2) maintained in electronic media or (3) transmitted or maintained in any other form or medium. Providers may not use or disclose PHI except (1) to the individual, (2) for treatment, payment or otherwise in compliance or (3) incident to an otherwise permitted use.
Disclosure of PHI to business associates, like infrastructure providers, requires both parties to sign a Business Associate Agreement (BAA), which outlines the security measures in place to protect PHI on both sides. The HIPAA Security Rule requires three categories of safeguards:
How is Green House Data HIPAA Compliant?
Green House Data is independently audited for HIPAA compliance by Linford & Co, a rigorous and lengthy process that includes assigning a security officer responsible for development and implementation. Risk assessments, review measures, incident response procedures and business continuity plans were all put in place, adding to our existing high-level security measures like firewalls, encrypted transmission, user identification and facility security.
All employees are trained in HIPAA security and compliance. Green House Data will work with your organization to create a custom, secure solution that will help achieve HIPAA compliance without placing strain on your internal IT department. We sign BAAs for every HIPAA client.
Seconds matter to us, and Green House Data’s highly available and always-on infrastructure means our staff can access reliable medical data at a moment’s notice. In addition, Green House Data’s HIPAA compliance ensures we never have to worry about the safety of our records. Our top priority when choosing our colocation provider was our patients, and Green House Data has helped us continue to provide the best possible care to our patients in Cheyenne and across the region.