What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law adopted in 1996 that requires Covered Entities (doctors, hospitals, insurance companies, etc.) and Business Associates (covered entities’ vendors) to implement administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI). The regulation also established breach notification requirements and penalties for non-compliance.
HIPAA consists of a Security Rule and a Privacy Rule. The Privacy Rule establishes requirements around legal uses and disclosures of PHI, and the Security Rule outlines requirements for protecting PHI.
Who needs to comply with HIPAA?
Virtually any business that stores, processes, transmits, or generates PHI must comply with HIPAA. This includes Covered Entities (hospitals, doctors' offices, health plans, pharmacies, etc.), as well as Business Associates (businesses providing services to Covered Entities), such as data processing vendors, medical billing, telehealth, messaging, hosting, and cloud solutions providers.
How to comply with HIPAA?
There is no one-size-fits-all approach to compliance, as organizations have different people, processes, and technologies. However, there are general requirements that must be met by all organizations.
How can SpaceCenter Systems help?
SpaceCenter Systems employs seasoned professionals with years of experience working in the healthcare industry who can help address all HIPAA requirements. A typical approach consists of the following process:
- Conduct a discovery to understand the client's organization, business processes, and technologies.
- Perform a HIPAA evaluation to identify safeguards in place and compliance gaps.
- Perform a risk analysis to identify risks to PHI.
- Develop a roadmap for addressing the identified compliance gaps and risks.
- Assist the client in executing the roadmap.
Depending on the expertise and availability of the client's internal resources, SpaceCenter Systems can implement the entire roadmap, position the client to execute the roadmap on their own, or supplement the client's team.