HIPAA, the Health Insurance Portability and Accountability Act, is aimed at protecting the health insurance coverage of American workers and their families and securing the stability and privacy of their healthcare data. With a large portion of HIPAA focusing on data security, it is important to establish whether you and your IT services provider in Los Angeles are covered by HIPAA and, if you are, that you are complying with the law.
Are You Covered By HIPAA?
As with a lot of rules and laws, HIPAA can get both complex and difficult to understand. The first thing to understand is that HIPAA refers specifically to ‘covered entities’ and ‘business associates’.
Covered Entities
HIPAA refers to three main types of covered entity:
- Health plans
- Clearinghouses
- Providers
Business Associates
If a covered entity hires a business associate to undertake, or help undertake, its health care operations, HIPAA defines certain conditions that must be met. Essentially, a suitable contract (a business associate agreement) must be in place, and the business associate must itself be HIPAA-compliant.
So, you can start to see that if you are a covered entity, you must ensure you comply with HIPAA rules. Furthermore, if you are a covered entity and you hire a business associate to help with some of your health care work, the business associate will have to be HIPAA-compliant. Finally, if you are hired by a covered entity to help with their healthcare activities, you will need to be HIPAA-compliant. In all cases, HIPAA compliance will affect your IT services in Los Angeles.
What Data is Covered?
HIPAA refers to protected health information (PHI). PHI is the data you must secure in order to be HIPAA-compliant. In practice we are talking about electronic data and transactions, so in our case the relevant category is electronic protected health information, or ePHI.
The Need to Ensure Compliance
As an increasing percentage of data is transacted and processed online, often over the internet, both the risks and the costs of breaches are mounting. Even if your PHI is in paper (hardcopy) format, you are still required to comply with HIPAA. At some stage in your healthcare activities, it is likely that hardcopy data will be processed electronically by you or by a business associate, and hence HIPAA compliance will be required.
The costs of failing to comply with HIPAA can be steep! Annual fines can run into the millions of dollars.
How to Be Sure You’re Compliant
Everything about HIPAA can get very complicated. It pays to get expert advice. At the very least, you will want to check that your IT services provider in Los Angeles is HIPAA-compliant. Figuring out whether you constitute a covered entity or a business associate under HIPAA rules can be straightforward or it can be hard to do. If you are hired by a HIPAA covered entity, the contract should make it clear to you that you need to be HIPAA-compliant. Otherwise, the question can be a tough one. At Intelecis, Inc., we can help clients understand HIPAA more easily. Contact us now to learn more about us.