Do I Need to Be HIPAA Compliant?

Adnan Raja
by (131posts) under Healthcare IT
0 Comments
  • Who Needs to Be Compliant?
  • The Role of the Healthcare Clearinghouse
  • Interviewing Business Associates
  • Making Strong HIPAA Choices

Who needs to Be Compliant?

You need to be compliant with the Health Insurance Portability and Accountability Act if you are a covered entity or business associate. Business associates are a catch-all group that includes any company performing a service for covered entities that exposes it to protected health information (electronic health records or other data). Covered entities include health care providers, health care plans, and health care clearinghouses.

HIPAA Health Care Provider Definition

A  HIPAA health care provider is any organization or individual that provides health care services and processes PHI in digital form. Examples include doctors, chiropractors, and pharmacies.

health Care Plan Definition

A health care plan is a program set up for a person or business (such as an employer) that pays health care expenses. Examples include health insurance firms and Medicare.

Health Care Clearinghouse Definition

What is a healthcare clearinghouse? These are companies that convert nonstandard health data into standard health data or vice versa.

A healthcare clearinghouse can be “a public or private entity, including a billing service, repricing company, community health management information system or community health information system, and ‘value-added’ networks and switches,” explained Ohio law firm Bricker & Eckler LLP.

If you are unsure whether or not you fit one of those definitions, you can complete this short Q & A from the federal government.

The Role of the Healthcare Clearinghouse

People are often unfamiliar with that third category, the clearinghouse. The role that it serves is essentially a “middleman” that sends claim data from a provider (such as a clinic) to a payer (such as an insurance company). One of the primary activities conducted by health care clearinghouses is claims scrubbing, which essentially checks for any possible mistakes and make sure the claim is formatted properly for reading by the payer’s system.

“The clearinghouse also checks to make sure that the procedural and diagnosis codes being submitted are valid and that each procedure code is appropriate for the diagnosis code submitted with it,” said For Dummies. “The claim scrubbing edit helps prevent time-consuming processing errors.”

Interviewing Business Associates

The first business associates are actually getting audited in 2015. Your choice of a business associate should now focus even more on credibility, since HITECH essentially means broader responsibility: your tech partners and others can now receive penalties as well.

Here are a number of questions that were asked of us recently by a company who were thinking about switching to our HIPAA server hosting environment.

Healthcare client:

What is your business continuity plan for HIPAA?

HIPAA hosting specialist:

Please see our business continuity plan attached.

Healthcare client:

What is your backup plan for HIPAA?

HIPAA hosting specialist:

We provide Fully Managed Daily Encrypted Backup for all of the files and databases on separate Encrypted Storage Nodes. Other information is listed in the attached.

Healthcare client:

Is there any difference between regular data centers and HIPAA-compliant data centers? Please tell me why it is different.

HIPAA hosting specialist:

A HIPAA compliant Data Center has been audited for HIPAA and HITECH compliance.

Healthcare client:

What is your emergency plan? Do your technicians stand by 24/7?

HIPAA hosting specialist:

We operate a 24 X 7 X 365 Live Engineering support environment.

Healthcare client:

What is your plan to prevent data leakage? Like USB leakage (Both data center & our office).

HIPAA hosting specialist:

The documents I have attached cover this question. We are not involved in the customer’s HIPAA compliance in their office environment. This requires that the customer contract with a HIPAA consultant.

Healthcare client:

According to your website, you are HIPAA compliant, but is there any proof of evidence? (certification/audit)

HIPAA hosting specialist:

The documents I have attached include HIPAA certification.

Healthcare client:

As far as my understanding, virtual server hosting has some problems with HIPAA’s security rules. Is it safe to put our data into a virtual server?

HIPAA hosting specialist:

We will not issue a BAA based on the use of a Public Cloud / VPS hosting environment (including our own). That does not mean that you cannot create a Private Virtualized environment by using Private Dedicated Server Hardware containing multiple VPSs.

Healthcare client:

What is the price for HIPAA compliant Windows Cloud Hosting?  (access from only one location)

HIPAA hosting specialist:

With 1 TB of Self-Encrypted Storage it is $xxx per month on a 12-month agreement with no setup fee.

Making Strong HIPAA Choices

HIPAA audits are on the rise, with the DHHS reportedly ready to crack down on any violations. Violations and settlements aren’t just expensive and distracting. They can also be a publicity nightmare, since any data compromises affecting 500 people or more must be reported to a major media outlet.

Whatever your technical requirements, Atlantic.Net offers the industry-leading HIPAA Compliant hosting solution, audited by a fully qualified and independent third party among many other service options like VPS Hosting.

By Moazzam Adnan


Related Posts