In an age where virtualization is at the forefront of the technology landscape, choosing vendors that comply with the rules governing your data is more important than ever. The Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) impose stringent security requirements to protect personal health information and payment card data, and they matter more each year as covered entities (CEs) move data to the cloud. But what if you’re not a CE?
Imagine this: you are an attorney who takes on cases and provides legal services surrounding health insurance, handling patient records on behalf of health plans and providers. Suddenly, you learn there has been a data breach and all of your clients’ confidential information is exposed. You lose clients and find yourself in violation of the HIPAA rules set by the U.S. Department of Health and Human Services, because an attorney who handles protected health information for a covered entity is that entity’s business associate.
Another example: you are a chiropractor who is expanding your practice and has built a website so that clients can make appointment inquiries online. A client enters identifying personal information and insurance details into a form on your website. You are now responsible for the secure transmission and storage of that information.
What many companies moving to the cloud don’t realize is that traditionally non-covered entities can still be required to adhere to HIPAA and appropriately safeguard protected health information they receive, create, maintain, or transmit on behalf of a covered entity. Protected health information held or transmitted in electronic form is known as e-PHI. The HIPAA Security Rule and the HITECH Act of 2009 set specific requirements for protecting e-PHI. Those who handle it must:
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain, or transmit
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Protect against reasonably anticipated, impermissible uses or disclosures
- Ensure compliance by their workforce
The Office of the National Coordinator for Health Information Technology (ONC) examined entities not covered by HIPAA, and the results were startling: health data privacy and security measures haven’t kept pace with evolving technology, and repeated violations have cost some businesses up to $1.5 million in fines.
Liability flows downstream. CEs and their business associates must complete their due diligence by using vendors that support HIPAA and PCI compliance and will sign a business associate agreement (BAA). Keep in mind that a compliant hosting provider covers only its own side of the arrangement: the security of your application, your access controls, your encryption of e-PHI, and your audit logging remain your responsibility.
Contact Us about our secure HIPAA and PCI solutions.