How To Evaluate A HIPAA Compliant Data Center
If you host your data with a HIPAA compliant data center, certain administrative, physical and technical safeguards should be in place, as required by the U.S. Department of Health and Human Services.
Although all service providers sell their data centers as secure, how do you confirm one truly is HIPAA compliant?
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company dealing with patient records must ensure that all the required physical, network and process security measures are in place and followed.
The Minimum Safeguards
When evaluating providers, the following safeguards must be in place:
- Physical safeguards - include limited facility access and control, with authorized access procedures in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use of and access to workstations and electronic media. This requirement includes transferring, removing, disposing of and re-using electronic media and protected health information (abbreviated as PHI).
- Technical safeguards - require access control that allows only authorized personnel to access electronic protected health information. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption.
- Audit reports (or tracking logs) - must be implemented to keep records of activity on hardware and software. This is especially useful for pinpointing the source or effect of any security violation. Solution providers should keep very detailed records in their building monitoring system, down to the second when somebody used a badge reader on a door.
- Technical policies - should also cover integrity controls, or measures put in place to confirm that PHI hasn't been altered or destroyed. IT disaster recovery and offsite backup are key to ensuring that any electronic media errors or failures can be quickly remedied and patient health information recovered accurately and intact. A HIPAA compliant data center must ensure the critical healthcare data it handles for providers and insurers will be safe and protected in the event of a disaster.
- Network, or transmission, security - is the last technical safeguard required of HIPAA compliant hosts, to protect against unauthorized public access to PHI. This requirement covers all methods of transmitting data, including email, the Internet, or even a private cloud network.
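As an added example (not part of the original post), the following Python sketch shows two of the technical safeguards listed above in working form: an HMAC-based integrity manifest that detects PHI records that were altered or deleted, and an audit log with per-second timestamps and unique user IDs that lets you trace a detected change back to whoever last touched the record. The patient records, user ID and key are constructed for the example only; a real deployment would hold the key in a key vault or HSM and ship the log to a write-once store.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed, fictitious PHI records for the example (not real patient data).
PHI_RECORDS = {
    "MRN-0001": {"name": "Patient A", "dx": "J45.909"},
    "MRN-0002": {"name": "Patient B", "dx": "E11.9"},
}

# Hypothetical integrity key for the example; in production this comes from a
# key vault or HSM, never from source code.
INTEGRITY_KEY = b"example-key-do-not-use-in-production"


def canonical(record):
    """Serialize a record deterministically so the same content always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record_id, record, key=INTEGRITY_KEY):
    """HMAC-SHA256 over the record id and its canonical content.

    Binding the id into the tag stops an attacker from swapping one valid
    record's content into another record's slot.
    """
    msg = record_id.encode() + b"\x00" + canonical(record)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_manifest(records, key=INTEGRITY_KEY):
    """Integrity manifest: one tag per record, kept apart from the data store."""
    return {rid: seal(rid, rec, key) for rid, rec in records.items()}


def verify(records, manifest, key=INTEGRITY_KEY):
    """Return (record_id, problem) pairs for records that no longer match the manifest."""
    findings = []
    for rid, tag in manifest.items():
        rec = records.get(rid)
        if rec is None:
            findings.append((rid, "missing"))      # destroyed / deleted
        elif not hmac.compare_digest(seal(rid, rec, key), tag):
            findings.append((rid, "modified"))     # altered
    return findings


class AuditLog:
    """Append-only access log with second-resolution UTC timestamps and unique user IDs."""

    def __init__(self):
        self.entries = []

    def record(self, user_id, action, resource, outcome, when=None):
        when = when or datetime.now(timezone.utc)
        entry = {
            "ts": when.isoformat(timespec="seconds"),
            "user": user_id,
            "action": action,
            "resource": resource,
            "outcome": outcome,
        }
        self.entries.append(entry)
        return entry

    def by_resource(self, resource):
        return [e for e in self.entries if e["resource"] == resource]


def run_demo():
    """Seal the store, simulate a modification and a deletion, then correlate
    integrity findings with the audit trail to pinpoint the source."""
    log = AuditLog()
    store = {rid: dict(rec) for rid, rec in PHI_RECORDS.items()}
    manifest = build_manifest(store)
    assert verify(store, manifest) == []  # clean baseline

    # Constructed events: user u-2231 updates one record; another record vanishes
    # without any logged access (e.g. media failure or an out-of-band deletion).
    t = datetime(2024, 1, 15, 9, 30, 5, tzinfo=timezone.utc)
    log.record("u-2231", "update", "MRN-0002", "success", t)
    store["MRN-0002"]["dx"] = "Z00.00"
    del store["MRN-0001"]

    report = {}
    for rid, problem in verify(store, manifest):
        touched = [(e["ts"], e["user"]) for e in log.by_resource(rid)]
        report[rid] = {"problem": problem, "last_touched_by": touched}
    return report


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The manifest must live somewhere the application's write path cannot reach (a separate service or a signed object in a different account), otherwise whoever can alter a record can re-seal it. A finding with an empty `last_touched_by` list is itself a signal: the data changed through a path the audit log does not cover.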
Turn to Audit Reports
Healthcare IT departments can ensure HIPAA compliant hosting by running their servers and data storage in HIPAA compliant data centers. The best way to confirm the required security is in place is to review the data center's SAS 70 or SSAE 16 audit report. The audit report should specifically cover the processes for the data center's physical security, network security and access control to the data on the server.
A SAS 70 audit confirms the data center's controls were examined against recognized auditing standards. The audit is conducted by an independent, third-party CPA. Strictly speaking the result is an auditor's attestation report rather than a certification, and SSAE 16 superseded SAS 70 in 2011, but both come in two types of audit report:
- Type I - The first step in the auditing process evaluates the organization's description of its internal controls and whether they are suitably designed as of a point in time.
- Type II - Includes the Type I report and also evaluates how the controls actually operated over a review period, typically the six months following the Type I review.
The Staggering Price of Non-Compliance
HIPAA has been in place for a long time now, but its impact and the financial consequences of violations have been hard to discern in the past. However, recent cases show violations can be costly.
Massachusetts General Hospital discovered that Health and Human Services is getting serious about HIPAA violations. The hospital agreed to pay $1 million to settle potential HIPAA violations. Massachusetts General's case involved the loss of protected health information (PHI) of 192 patients. The loss works out to over $5,000 per record.
A supplemental act was passed in 2009 called the Health Information Technology for Economic and Clinical Health (HITECH) Act, which supports the enforcement of HIPAA requirements by raising the penalties for health organizations in violation of the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to developments in health technology and the increased use, storage and transmission of electronic health information.
Healthcare IT organizations must ensure their HIPAA compliant data centers have the required safeguards in place. A SAS 70 or SSAE 16 audited data center can help demonstrate compliance. Staying well informed of regulatory changes will help meet requirements and avoid costly penalties.