Health Insurance Portability and Accountability Act (HIPAA)

Overview

There are two major rules covered by HIPAA:

  • The HIPAA Privacy Rule protects the confidentiality of patient health information in any form (paper, oral, or electronic)
  • The HIPAA Security Rule requires the confidentiality, integrity, and availability of electronic protected health information (ePHI)

The HIPAA Privacy Rule protects "protected health information" (PHI): individually identifiable health information held or transmitted by a covered entity or its business associates, including PHI sent by email. The Privacy Rule limits how PHI may be used or disclosed. Apart from permitted purposes such as treatment, payment, and health care operations, uses and disclosures require the patient's authorization, so organizations must be able to detect and stop unauthorized ones. Patients, or their personal representatives, also have the right to inspect and obtain a copy of their PHI and to receive an accounting of disclosures of it, and organizations must be able to fulfil those requests.

The HIPAA Security Rule establishes several basic requirements for organizations that handle ePHI. They must ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit; protect it against reasonably anticipated threats to its security or integrity and against impermissible uses or disclosures; and maintain retrievable exact copies of it. Backup is therefore not an optional safeguard but part of the required contingency plan.

ITarian HIPAA Role

While it is the responsibility of your employees and the organization to meet the standards of the Health Insurance Portability and Accountability Act, using our platform can help you reach the goal of HIPAA compliance. ITarian provides several cloud-based applications to help Managed Service Providers (MSPs) / IT service providers grow their business; some of the product features will help with compliance.

ITarian does not collect or store any “personal or protected health information” or PHI.

Security & integrations include:

  • Multi-Factor Authentication (MFA) - Controls who can access data stored within ITarian
  • Auditing - Logs every remote access session with its time, user, and device information
  • Antivirus - Integration with Comodo security products to detect risk and stop malware and infections before they reach your systems

HIPAA Considerations

Cloud Backup and Electronic Protected Health Info

Key requirements when handling sensitive electronic Protected Health Information (ePHI) include:

  • Physical Safeguards, such as limiting physical access to and control of facilities, workstations, data processing centres, and any device that stores ePHI.
  • Administrative Safeguards, such as creating and enforcing security policies, performing periodic risk analysis and review, and training staff.
  • Technical Safeguards, such as assigning each user a unique identifier, having emergency access procedures, and encrypting and decrypting ePHI.

Software Features Checklist for HIPAA Compliance

Data Archiving

It's important to consider software with capabilities to move data that isn't actively used into separate storage devices for long-term retention.

Disaster Recovery

Your backup and disaster recovery software should support rollback to earlier restore points and continuous recovery, so that ePHI remains available after data loss or corruption.

Encryption

Protected health information should be encrypted with keys that only the client holds, so that neither the backup provider nor anyone who obtains the stored data can read it. Your software should use strong, standard encryption whether the data is in transit or at rest.
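As an added example of the client-held-key encryption described above (this is not ITarian's code; it assumes AES-256-GCM, a key that stays in the client's own key store, and the chunk's path and version bound as associated data), the following Go program seals a backup chunk before upload and shows that a restore succeeds only with the client's key and only on unmodified data:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// AES-256 key size. Assumption: in a real product the key lives in the
// customer's key store or HSM; here it is generated in memory and is never
// handed to the "provider" side of the demo.
const keySize = 32

// NewBackupKey returns a fresh random AES-256 key.
func NewBackupKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts one backup chunk with AES-256-GCM before it leaves the client.
// chunkID (for example path plus version) is bound as associated data so that a
// valid ciphertext for one chunk cannot be substituted for another.
// Output layout: nonce || ciphertext || 16-byte authentication tag.
func Seal(key, plaintext, chunkID []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Random 96-bit nonces are fine for the number of chunks one key should
	// protect; rotate the key long before anything near 2^32 chunks.
	return gcm.Seal(nonce, nonce, plaintext, chunkID), nil
}

// Open decrypts and verifies a sealed chunk. Any change to the nonce,
// ciphertext, tag or chunkID, or use of a different key, is rejected: this is
// the integrity check the Security Rule expects alongside confidentiality.
func Open(key, blob, chunkID []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed chunk too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, chunkID)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	key, err := NewBackupKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; not real patient data.
	record := []byte(`{"mrn":"000000","dx":"sample"}`)
	id := []byte("backups/records/000000.json#v1")

	blob, err := Seal(key, record, id)
	if err != nil {
		panic(err)
	}
	fmt.Printf("uploaded %d bytes; the provider stores only ciphertext\n", len(blob))

	got, err := Open(key, blob, id)
	fmt.Println("restore with client key:", err == nil && bytes.Equal(got, record))

	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Open(key, tampered, id)
	fmt.Println("tampered chunk rejected:", err != nil)

	providerKey, _ := NewBackupKey() // any key the client did not supply
	_, err = Open(providerKey, blob, id)
	fmt.Println("provider key rejected:", err != nil)
}
```

The associated data is what makes this more than "encrypt and upload": without it, a valid ciphertext for one record could be swapped in for another and still decrypt cleanly. What the snippet deliberately leaves out, and what a real product must add, is key management: rotation, secure storage of the client key, and an escrow or recovery path so that losing the key does not also make the backups permanently unavailable.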

Backup

In addition to backing up to the cloud, your software should also be able to back up information locally for cases where there is no internet connection.