HIPAA COMPLIANCE
The Health Insurance Portability and Accountability Act of 1996 creates standards for all healthcare organizations to simplify and protect the confidentiality and security of all electronic healthcare data. All organizations and businesses which handle, maintain, or store private health or patient-related information, regardless of size, are subject to HIPAA. In addition to health care providers and insurers, this includes employers maintaining employee health records, life insurers, public health authorities, organ donation banks, pharmacies, long-term care facilities, billing agencies and clearinghouses. Each instance of intentional unauthorized disclosure is punishable by fines up to $250,000 and possibly 10 years of jail time.
- Section 164.312 establishes safeguards for the electronic storage and maintenance of individual health information. Organizations must ensure the confidentiality, integrity and availability of all protected electronic information they create, receive or transmit.
- Section 164.312(e) mandates the use of security measures, like encryption, to protect electronic health information from unauthorized access while it is being transmitted over electronic networks.
- In HIPAA section 164.312 the law establishes strict requirements regarding user access, authentication and data protection.
- Section 164.308 requires covered entities to establish contingency plans for responding to emergencies which damage systems containing electronic protected health information. This includes the ability to maintain retrievable copies of electronic records and having a disaster recovery plan to restore any loss of data.
- Section 164.312(b) establishes audit controls to determine when messages were delivered, manipulated or when administrators accessed the system.
QHost’s Exchange plus Archiving plans can help you meet the requirements of this law.