The Essential 2-Step Cheat Sheet For HIPAA Compliance

Dec 10, 2018


“What you don’t know can’t hurt you” is a myth that has been debunked by many.

But when it comes to HIPAA compliance, knowledge isn’t enough…because you can be hurt the most by what you don’t do.

What is HIPAA?

Before we get into the steps, let’s look at what HIPAA actually is.

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It was signed into law by US President Bill Clinton. Title I governs health insurance portability for workers who change or lose their jobs; Title II's Administrative Simplification provisions are the basis for the HIPAA Privacy Rule and Security Rule, which set minimum standards for protecting individually identifiable health information, including the storage and transmission of electronic protected health information (ePHI).

You can read through the entire HIPAA Act by visiting the US Government Publishing Office website. The Privacy and Security Rules themselves are regulations issued under the Act (45 CFR Parts 160 and 164), and those are the texts that spell out what an organisation actually has to do.

Who does HIPAA apply to?

HIPAA applies to “covered entities and business associates”, to use the technical terms from the Act.

“Covered entities” refers to health plans, health care clearinghouses, and any health care provider (e.g. doctors, dentists, clinics, chiropractors, pharmacies etc) that transmits health information in electronic form in connection with a transaction for which HHS has adopted a standard.

“Business associates” are any persons or organisations who provide specific services to a covered entity that involve the “use or disclosure of individually identifiable health information” e.g. data analysis, claims processing, billing etc.

And even though HIPAA is an Act passed by the US Government, it affects companies outside the US who wish to provide services as a “business associate” to a US covered entity, or who exchange patient information with one. The obligation follows the data: if you create, receive, maintain or transmit protected health information (PHI) on behalf of a covered entity, you are a business associate regardless of where you are based.

In other words, if you handle PHI for a US covered entity, HIPAA applies to you, whether or not you’re based in the US.

The 2-Step Cheat Sheet for HIPAA Compliance

Since we’ve established that HIPAA applies to you, the question is: how do you become HIPAA compliant?

Here are two practical steps you can take right now to quickly move your organisation towards HIPAA compliance.

#1 Appoint a HIPAA Compliance Officer

In other words, choose someone to be responsible for making your organisation HIPAA compliant. In the same way that you have an accountant on your team to manage your company’s books, you need someone who will shoulder the core responsibility of HIPAA compliance. This is not just good practice: the Privacy Rule requires a covered entity to designate a privacy official, and the Security Rule requires a security official responsible for developing and implementing the organisation’s security policies and procedures. One person can hold both roles in a small organisation.

This person will read through the HIPAA Act and the Privacy and Security Rules, organise internal training sessions, monitor company practices, keep the required documentation (risk analysis, policies, training records) and hold meetings to raise HIPAA-related issues.

#2 Partner with experienced HIPAA compliant vendors and systems

To ease the burden on your newly appointed HIPAA Compliance Officer, make sure that you partner with vendors who offer HIPAA compliant secure file transfer systems and services. This will enable you to leverage their experience and quickly make your organisation HIPAA compliant. Remember that any vendor that handles PHI for you is itself a business associate, so the Privacy Rule requires a written business associate agreement (BAA) with them before PHI is shared; a vendor that will not sign a BAA is not one you can use for PHI, however good its security claims.

So to give you an example of the kind of credentials you’re looking for in such a vendor, we’ll use our company Maytech as a template for the 3 things you’re looking for.

Firstly, you want a vendor who holds ISO 27001 certification. Maytech was recently awarded this certification by Lloyd’s Register, which means an independent auditor has confirmed that our Information Security Management System conforms to the internationally recognised standard. Note that ISO 27001 is a general information security standard, not a HIPAA assessment: it shows the vendor manages security systematically, but you still need to check the HIPAA-specific points below.

Secondly, you want a vendor who has been extensively vetted by high profile third parties. This gives you peace of mind that you’re working with someone who has a proven track record. So for example, Maytech is an official G-Cloud (Government Procurement Service) Supplier to the UK Government.

This means that our specialist cloud services have been authorised for delivery across central government departments, executive agencies and non-departmental public bodies.

Thirdly, you want a vendor who provides HIPAA compliant software. But don’t just take their word for it; press them for specific details: whether they will sign a BAA, how PHI is encrypted in transit and at rest, how user access is controlled and logged, how long audit logs are retained, and how they would notify you of a breach. Here’s a copy of our HIPAA data sheet for our software.

Become HIPAA compliant today

Despite the simplicity of these two steps, many organisations have procrastinated in taking action towards HIPAA compliance…and a number have been hit with hefty fines due to data breaches they experienced.

Don’t let that happen to you.

Use these two steps to move towards HIPAA compliance today. Because when it comes to HIPAA, what you don’t do will hurt you.