It’s never a question…people expect any information relating to their health records to be protected and safeguarded against any attempt of compromise. The Health Insurance Portability and Accountability Act, better known as HIPAA, along with the Health Information Technology for Economic and Clinical Health (HITECH) Act have outlined acceptable measures companies that store, handle, or process electronic protected health information (ePHI) must adhere to. Who is covered, what information is protected, and what safeguards must be in place to ensure is covered by the HIPAA Security Rule. HIPAA, in general, applies only to covered entities – primarily health plans, health care clearinghouses and health care providers. The HITECH Act of 2009 expanded the responsibilities of business associates of the covered entities. In other words, it addresses requirements for service organizations acting as vendors and providing services to the covered entities, and therefore have access to ePHI.Even if you aren’t a covered entity, but are a vendor to the covered entity and have access to their ePHI you are likely subject to the requirements under HIPAA/HITECH.
If you are questioning whether your company is HIPAA/HITECH compliant, let’s talk. Contact Us!