Does Your Company Need To Be HIPAA Compliant?

Does Your Company Need To Be HIPAA Compliant?

A new rule extends HIPAA compliance requirements to covered entities’ business associates, forcing them to reexamine data security and privacy. Many companies could be considered “business associates” under the new HIPAA compliance rule. These associates include technology services providers such as software vendors, IT support companies, consulting outfits, data processing, companies hosting companies, cloud service providers, as well as Law Firms, Accounting Firms, and Financial Advisors any vendor potentially comes in contact to a client’s ‘personal’ electronic data. It’s this situation where many business associates don’t realize they’re now considered one and therefore must follow the new HIPAA rules.

HIPAA (Health Insurance Portability and Accountability Act) is United States legislation that provides data privacy and security provisions for safeguarding medical information.

Is divided into three categories, these are safeguards that include administrative, physical and technical controls. The standards set by these safeguards are the source of most of the confusion is how to satisfy HIPAA. These details are called HIPAA implementation specifications, and they are defined as either required or addressable.

Required HIPAA implementation specifications are straight forward where the healthcare provider must implement the rule as specified. A disaster recovery plan is an example of a required specification under the HIPAA Security Rule.

The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected health information (PHI). When assessing the risks and vulnerabilities associated with PHI and electronic protected health information (ePHI), there are three questions health care organizations should ask.

  • Can you identify the sources of ePHI and PHI within your organization, including all PHI that you create, receive, maintain or transmit?
  • What are the external sources of PHI?
  • What are the human, natural, and environmental threats to information systems that contain EPHI and PHI?

Enforced by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), the HIPAA Security Rule aims to protect patient security while still allowing the health care industry to advance technologically. The U.S. Department of Health and Human Services (HHS) established national standards for processing electronic healthcare transactions. It also requires healthcare organizations to implement secure electronic access to health data and to remain in compliance with privacy regulations set by HHS.

Establish the organizational processes first and then employ technology to facilitate them. You can fine tune both your processes and your technology practices as you go, but be confident that your organizations are clear on who’s responsible, what needs to be protected, and how you will protect it.

Achieving HIPAA compliance is not easy. We need to be mindful of fundamental elements of compliance, while making the goals understandable to help your organization meet the challenge more effectively. We at CrafTech can help you accomplish this!

Leave a Reply

Your email address will not be published. Required fields are marked *



Our Satisfied Customers

From full network setup, tech support, data backup, and more, CrafTech strives to provide you with solutions to all your IT needs.

Eric Bause Testimonial - I just wanted to let you know what a great job Evan did on Friday with Laura Martin’s PC. We really appreciate his diligence in taking care of the situation.
Eric Bause, ARM | Consulting ActuaryThe Actuarial Advantage Inc.
We’ve gotten the best responses, problem solving and service with a smile that we’ve had since doing business with CrafTech.
Danielle Shull, PresidentPinnacle Healthcare Recovery Partners
It is such a huge weight off my shoulders to know that our data is safe, and that ANY problems I have with my computer, your team will fix it for me…and QUICK!
Jennifer L. Borys, PresidentWoodside Associates
If you would like excellent service at a great price CrafTech is the place to go.
Susan Griffin
Being able to call CrafTech for small or large problems, hardware, quick solutions and always getting a fast reliable fix….Priceless!!!
Donna/Irene/Joanne/Tina, AdministratorsUpper Providence Township
CrafTech is responsive when we call and are very efficient. They find the most cost effective way to deal with issues.
Ido Roizman, ControllerRoizman
The real testament to CrafTech is their responsiveness. I can’t even remember a time when our servers have been down for more than 30 minutes.
Denise Urban, Business ManagerRes-Kem General Water
You have been indirectly responsible for numerous sales in particular, and customer satisfaction in general.
Dave Peairs, Technical DirectorNALCO CAL WATER | An Ecolab Company
I called CrafTech and my mind has been at ease ever since. Tony and Eric gave us amazing service and had us up and running more quickly than I ever imagined possible.
Joyce Csanady, OwnerSigns By Tomorrow
The extensive efforts that CrafTech takes to reduce spam dramatically decreases the junk in our inboxes while ensuring that our customers can get through to us.
Rob Ferber, Office ManagerLinvilla Orchards

Contact Us

We strive to provide our clients with the best possible IT services and support. We will be able to suit your needs.

Media Office

34 State Road
Media, PA 19063
(610) 566-0980

Aston Office

4748 Pennell Road
Aston, PA 19014
(610) 494-5141