SandStorm IT


What is HIPAA compliance?

August 11, 2020 By SandStorm IT

What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act of 1996, which was enacted by Congress and signed into law in 1996.  HIPAA has many provisions, most of them dealing with health insurance and regulations on what can be offered and how.  HIPAA also details regulations about a patient’s right to access their protected health information.  Where HIPAA comes into play in the IT realm is in the privacy of protected health information.

Protected Health Information, or PHI, is basically a patient’s health record as it sits in an Electronic Health Record (EHR) system or in any files or folders on a computer where patient data lives.  It could be anything regarding health status, whether a patient has health care, health care payments, etc.  One of the provisions of HIPAA is the Privacy Rule.  It states that covered entities are to ensure that PHI is protected from unauthorized access by documenting and putting in place policies and procedures regarding the privacy of health records.

 

What is HIPAA compliance?

First off, HIPAA compliance is not a certification that you receive from a company or from the government.  HIPAA compliance is an ongoing process of developing and documenting privacy policies and training employees on those policies.  Additionally, HIPAA requires covered entities to appoint a privacy official and a contact person responsible for receiving HIPAA privacy complaints and to train other employees.

Covered entities, mentioned in a previous paragraph, are generally healthcare clearinghouses, employer-sponsored health plans, health insurers, and medical services providers (doctors, hospitals, clinics, etc.).  Additionally, if you are a covered entity and you allow another business access to your PHI, that business is a business associate, and you must have an agreement with them detailing that the business associate will appropriately safeguard PHI.  Business associates, as the law states, provide “legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for such covered entity, or to or for an organized health care arrangement in which the covered entity participates.”

 

I need to be HIPAA compliant.  What do I need to do?

First, you should review the US Department of Health & Human Services website on HIPAA, available at https://www.hhs.gov/hipaa/index.html.  It has a wealth of information on HIPAA, how it applies to professionals, and the steps that need to be taken.

Second, you’re going to need to come up with privacy policies and procedures for your business.  SandStorm IT has policy templates available if you need guidance.  Some covered entities engage law firms that specialize in HIPAA compliance law to develop policy documentation for the business and train individuals on what needs to be done.  Larger covered entities have departments that deal with HIPAA compliance. 

Finally, you’re going to need to deploy the policies and procedures to your workforce and ensure that these individuals adhere to them.  When new employees come onboard, they’ll need to be trained on these procedures as well.  Don’t forget about having business associate agreements in place with your vendors who access your PHI.

 

As always, if you have any questions regarding HIPAA compliance or any other technology needs, contact your on-demand IT partner SandStorm IT at (901) 475-0275.


Categories: Business, Cybersecurity, General Business
