Many of our customers and prospective clients look to us for help with being HIPAA compliant. The US Department of Health and Human Services (http://www.hhs.gov) provides a lengthy list that we use in our descriptions of compliance. Here, we provide a quick and easy-to-read overview of some of the most important issues. The items listed are not a complete or formal list but are a good base from which to serve the customer.
Waytek’s role in HIPAA compliance is associated with completing a Risk Analysis for an organization, as it pertains to Protected Health Information (PHI). We offer this service to many of our customers in the Healthcare industry. From this analysis, we create a plan to mitigate the risks and implement ongoing IT Security and access policies and controls in conjunction with the application of HIPAA policies for the specific healthcare organization.
We implement specific IT controls associated with security, auditing, role-based access, and data transmission, along with processes such as encryption, when appropriate, and contingency plans for emergency situations, such as power outages or loss of data.
We also keep our customers up to date with changes in compliance, such as the American Recovery and Reinvestment Act (ARRA), which includes more comprehensive provisions for HIPAA. These provisions are known as the Health Information Technology for Economic and Clinical Health Act (HITECH), which is detailed below.
What HIPAA Applies to – PHI
HIPAA applies to PHI (Protected Health Information). This is information that identifies to whom the health-related information belongs, e.g., names, email addresses, phone numbers, medical record numbers, photos, driver’s license numbers, etc. If you have something that can identify a user together with health information of any kind (from an appointment, to a list of prescriptions, to test results, to a list of doctors), you have PHI that needs to be protected per HIPAA. ePHI is merely PHI that is stored or transmitted electronically (e.g., via email, text message, web site, database, online document storage, electronic fax, etc.).
Who HIPAA Applies to – Covered Entities
Covered entities include:
- Health Plans: With certain exceptions, an individual or group plan that provides or pays the cost of medical care.
- Health Care Clearinghouses: Entities that either process or facilitate the processing of health information from various organizations, e.g., to reformat or process the data into standard formats.
- Health Care Providers: Providers of care, services, or supplies related to the health of an individual.
Waytek can provide you with a detailed report on its role in serving you regarding:
- HIPAA Administrative Requirements
- HIPAA Physical Requirements
- HIPAA Technical Requirements
Contact us for more information about our analysis and services regarding compliance and other IT needs.