The Health Insurance Portability and Accountability Act (or HIPAA) is meant to protect patient information by mandating that the data is stored as securely as possible.
In most cases, this leaves doctor’s offices with two choices: give up precious office space for on-site servers to host the information, or turn to the cloud. While the cloud seems like an easier alternative, the federal government has strict guidelines for data storage, and cloud companies have been playing catch-up to comply.
However, if doctors and lawyers look for the right HIPAA provider with these four criteria, then they should be more secure.
PHI, or Personal Health Information, is the crux of HIPAA compliance and should be the focus whenever you’re looking for a CSP. The first thing you need to do is make sure there is limited access to this data within the CSP. This will be discussed during your business agreement, where only authorized individuals can access the data at any given time.
Next, ask what encryption algorithms your CSP provides. Encryption isn’t a mandatory requirement for HIPAA, but is generally considered a best practice. If your CSP doesn’t provide encryption -- while so many other CSPs do -- then it’s time to walk away.
Ask About the CSP’s HIPAA Auditing Process
In 2012, the OCR HIPAA Audit Protocol was adopted to assess CSPs on security and performance. This 169-item assessment can be used to rank potential CSPs based on security and notification levels. It’s especially useful for the modular breakdown that it uses to help doctors and lawyers better understand the assessment and where there CSP is weak.
There are many professional third-parties that can run this audit to determine the viability of a potential provider.
Check the Disaster-Recovery Protocols
HIPAA regulations specify that there must be a disaster recovery plan in the event of a fire, vandalism, or system breakdown. This plan would list out all possible dangers to the system (including natural disasters) and provide concrete steps to get back online while keeping patient records available and secure.
While this is important for CSPs because it’s based around their business model, it’s crucial for doctors and lawyers to understand the protocol or risk being in noncompliance. Failure to recover the data after a disaster could result in fines or jail time.
Avoid “HIPAA Certified” Providers
The Department of Health and Human Services, which runs HIPAA, has made it clear that there is no official “HIPAA certification” to prove that a CSP is compliant with its regulations. Beware of the company that says it’s HIPAA certified. If they’re lying about that, what else aren’t they telling you about?
The HIPAA certification scam goes deeper than just CSPs. Doctors have fallen victim to HIPAA certification seminars where they’re asked to pay $400 for a “mandatory government training.”
The key to finding a successful cloud storage provider lies in communication and education. The cloud shouldn’t be a black box that your write a check to. You should understand who has access to that data and when -- and what they do with it.
A payment gateway can be defined as the infrastructure that allows a merchant to accept credit card and other forms of electronic payments. The e-payments can take place online as well as from the traditional brick and mortar stores. Payment Gateways play an important role in encrypting and transmitting critical information between payment portals and the front end processors/ Banks. Read more
Cutting the cord on expensive cable packages is something more people are opting to do. Now, with the streaming media options available, a lot of people feel like there’s no need to have traditional cable. They have more choices than they could even be able to enjoy and streaming your entertainment versus having a cable package provides cost savings and freedom from a monthly bill. You have access to not just shows, but your favorite movies, entire series, music and more with streaming platforms. Read more
We don’t need to be told that technology has changed the world. We’ve seen it happen over the last century, and we’re seeing it happen today. We’ve seen it in the progression from the world’s first computer, a humongous piece of machinery, to the tiny, advanced computers millions of us carry in our pockets every day. Read more