The federal government takes the protection of health information very seriously. If you or your organization violates HIPAA (the Health Insurance Portability and Accountability Act of 1996), you can face large fines or even jail time. Here are some examples of what happened to a few organizations that did not follow the HIPAA compliance requirements.
“The University of Washington Medicine has agreed to pay $750,000 to settle charges that it potentially violated the HIPAA Security Rule.”
“TRIPLE-S will pay $3,500,000 for deficiencies in its HIPAA compliance program.”
“A former Texas hospital worker has been sentenced to 18 months in federal prison for criminal HIPAA violations.”
To prevent this from happening, you need to learn more about HIPAA compliant hosting requirements.
What is HIPAA compliance?
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). It is a broad and detailed Act with several parts. We’ll focus on Title II, which deals with the privacy and security of protected health information (PHI). Because most health information is now transferred electronically, any website or email system that transfers PHI must use HIPAA compliant hosting.
What is HIPAA compliant hosting?
HIPAA compliant hosting requires four security measures:
- Physical safeguards control who may physically access the computers and other hardware used to store and transmit electronic protected health information (ePHI).
- Technical safeguards include access control measures such as unique user IDs, automatic logoff, encryption, and an emergency access procedure.
- Network security protects PHI from public access, including during transfer by email and over the Internet. It also requires that you do not host your site on a shared server.
- Technical policies are the final required security measure; they ensure that ePHI is neither changed nor destroyed. All data must also have offsite backup.
Who needs HIPAA compliant hosting?
If you or your organization has any form of contact with protected health information (PHI), then you need HIPAA compliant hosting. The guidelines state that any Covered Entity or Business Associate must be HIPAA compliant. Business Associates include any company that comes in contact with electronic protected health information (ePHI).
Covered Entities include
Healthcare providers include the following:
HIPAA and HITECH Compliance
The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 expands upon the privacy and security protections of HIPAA. It defines the rules for sharing electronic medical records, and it imposes penalties on Covered Entities that fail to have a system in place for the protected sharing of medical records.
All healthcare providers and associated entities need to use HIPAA/HITECH compliant hosting. To find the best HIPAA/HITECH compliant hosting provider, be sure to ask the following questions:
- How will you secure my data?
- For what other companies do you provide HIPAA compliant hosting?
- Do you have dedicated onsite servers and secure, offsite backup?
Please email firstname.lastname@example.org if you want to learn more about HIPAA compliant hosting or if you’re not sure that you need it.