Article provided by: edendata.co

HIPAA compliance for startups

HIPPA standards help protect sensitive private healthcare information (PHI). Hackers are constantly attacking Healthcare organizations to steal data to sell on the black market. In addition, criminals may use healthcare data to commit fraud and identity theft. This can cause significant damage to patients.

HIPPA and its purpose

The Health Insurance Portability and Accountability Act was started mainly to streamline the flow of information in healthcare, instruct healthcare and healthcare insurance companies on maintaining and protecting personally identifiable information, and limit insurance coverage such as portability for U.S. citizens.

What is PHI?

Private healthcare information encompasses information that can be used to identify patients connected to a healthcare record. These include:

  • Names or part of names
  • Phone numbers
  • Fax numbers
  • Email address
  • Geographical identifiers
  • Dates directly associated with a person
  • Account numbers
  • Medical record numbers
  • Vehicle license plate numbers
  • Web URLs
  • P. address
  • Whole face or comparable photographic images
  • Serial numbers and device identifiers
  • License or certificate numbers
  • Social security number
  • Health insurance beneficiary numbers
  • Other unique identifiable characteristics

Who should comply with HIPPA?

HIPPA concerns organizations referred to as "HIPPA Covered Entities" (C.E.). They include healthcare providers, healthcare clearinghouses, health plans, and recommended Medicare prescription drug discounts, card sponsors.

In addition, any organization commonly referred to as business associates or B.A., providing third-party service to a C.E. and in the process may come into contact with PHI are required to follow HIPPA rules. They must ensure they have enough safeguards to protect PHI even though they will not create, receive, maintain, or transmit it. Before they can start working together, both the C.E. and B.A. must sign a business associate agreement to guarantee the integrity of PHI.

How can an organization acquire HIPPA compliance certification?

Educating the employees

Threats to HIPPA do not come from external sources only. For example, your employees, volunteers, and other internal players might cause harm knowingly or unknowingly.

Apart from having HIPPA related protocols in place, implementing an ongoing course will help any organization keep HIPPA in mind. Topics should revolve around PHI security and the consequences of breach. Each new member who joins your organization should be trained within a reasonable time.  

Exploring HIPPA compliant hosting

Look for a hosting provider with top-level security storage. When looking for a provider, ensure they are

  • Compliant and have a security expert on the team.
  • Capable of conducting an auditors risk assessment for the environment around ePHI
  • Have a secure off-site backup plan
  • Have experience with healthcare clients
  • They should also provide private cloud solutions using HIPPA compliance software. 

HIPPA compliance for AWS hosted SaaS

For a covered entity to avail of service from amazon web service, they will need to sign a Business Association Addendum (BAA) that determines the extent of permissible disclosure of PHI liability. As such, AWS has obligations to protect PHI.   

Conducting a regular risk assessment

Ensure to conduct a regular risk assessment to identify the possible breach and apply corrective measures. This will help you identify where breaches emanate from, weakness in the system, and possible feedback on improving.

Please contact Eden Data at 512-595-4974 for a free consultation with an experienced cybersecurity consultant.

HIPAA compliance for startups

We welcome your comments!

HIPAA compliance for startups HIPAA compliance for startups

Solution Benefits

Cloud Cover’s solutions are designed to assist business owners with optimizing the value of their IT assets.

IT Roadmap

Maximum Uptime

Business Continuity

Secure Solutions

Cloud Cover
113 South 3rd St, Ste 200
Geneva, IL 60134

(630) 578-0029

cloud@mycloudcover.com

Monday: 8:00 AM - 5:00 PM
Tuesday: 8:00 AM - 5:00 PM
Wensday: 8:00 AM - 5:00 PM
Thursday: 8:00 AM - 5:00 PM
Friday: 8:00 AM - 5:00 PM
Saturday: CLOSED
Sunday: CLOSED