Should Your Business Be Concerned About HIPAA Compliance?
The answer is probably yes, because many businesses are required to comply with HIPAA standards and guidelines.
Here’s a quick refresher on what HIPAA is and why it’s important:
HIPAA stands for Health Insurance Portability and Accountability Act. You can see why everyone uses the acronym. HIPAA was enacted by Congress in 1996 with the goal of improving the efficiency and effectiveness of our health care system. To that end, the Act set exacting standards for the protection of vital and sensitive patient data known as protected health information (PHI).
PHI makes each of us quickly identifiable because it contains our name, social security number, address, birth date, payment information, and all of our past, present and even future physical and mental health conditions and treatment plans. Obviously PHI contains information that is significantly more confidential than credit information. Safeguarding this type of highly sensitive information is “mission critical” for any enterprise involved with PHI, including healthcare providers, insurers, financial services, and any other healthcare-related services.
HIPAA established strict guidelines with the HIPAA Privacy Rule and the HIPAA Security Rule defining how this sensitive data must be protected. Most healthcare providers and companies work with a HIPAA-compliant hosting provider and data center. The HIPAA Security Rule safeguards fall into three categories:
- Administrative Safeguards require assigning a privacy officer; completion of an annual risk assessment; employee training; workforce security; and adherence to information access management standards for all employees involved with PHI.
- Physical Safeguards are broken down into four areas of compliance requirements: facility access controls; workstation use; workstation security; and device and media controls.
- Technical Safeguards address the five areas of technology that protect PHI. The technology must meet the compliance standards for access control; audit controls; integrity; authentication; and transmission security.
The penalties for not being in compliance with HIPAA standards are very serious. The financial penalties vary significantly, but can be as high as $50,000 or more per violation. If you are concerned about your business meeting HIPAA’s required standards for technology, please give your local Computer Troubleshooters office a call for a consultation. We aren’t dispensing legal advice about HIPAA, but we can certainly help with your technology.