Does Your Company Need To Be HIPAA Compliant?

A new rule extends HIPAA compliance requirements to covered entities’ business associates, forcing them to reexamine data security and privacy. Many companies could be considered “business associates” under the new HIPAA compliance rule. These associates include technology service providers such as software vendors, IT support companies, consulting outfits, data processing companies, hosting companies, and cloud service providers, as well as law firms, accounting firms, and financial advisors: any vendor that potentially comes in contact with a client’s ‘personal’ electronic data. Many business associates don’t realize they’re now considered one and therefore must follow the new HIPAA rules.

HIPAA (Health Insurance Portability and Accountability Act) is United States legislation that provides data privacy and security provisions for safeguarding medical information.

HIPAA's safeguards are divided into three categories: administrative, physical and technical controls. The standards set by these safeguards are the source of most of the confusion about how to satisfy HIPAA. These details are called HIPAA implementation specifications, and they are defined as either required or addressable.

Required HIPAA implementation specifications are straightforward: the healthcare provider must implement the rule as specified. A disaster recovery plan is an example of a required specification under the HIPAA Security Rule.

The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected health information (PHI). When assessing the risks and vulnerabilities associated with PHI and electronic protected health information (ePHI), there are three questions health care organizations should ask.

  • Can you identify the sources of ePHI and PHI within your organization, including all PHI that you create, receive, maintain or transmit?
  • What are the external sources of PHI?
  • What are the human, natural, and environmental threats to information systems that contain ePHI and PHI?

Enforced by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), the HIPAA Security Rule aims to protect patient security while still allowing the health care industry to advance technologically. The U.S. Department of Health and Human Services (HHS) established national standards for processing electronic healthcare transactions. It also requires healthcare organizations to implement secure electronic access to health data and to remain in compliance with privacy regulations set by HHS.

Establish the organizational processes first and then employ technology to facilitate them. You can fine-tune both your processes and your technology practices as you go, but be confident that your organization is clear on who’s responsible, what needs to be protected, and how you will protect it.

Achieving HIPAA compliance is not easy. We need to be mindful of fundamental elements of compliance, while making the goals understandable to help your organization meet the challenge more effectively. We at CrafTech can help you accomplish this!

