HIPAA and Outsourcing Your IT Applications
As you probably know, HIPAA (Health Insurance Portability and Accountability Act) requirements are very strict when it comes to patient-data confidentiality. So what does that mean when it comes to the applications you use for things like records retention, patient communication and other business-critical applications? Do you have to spend gobs of money to build your own private network? The answer is a resounding NO!
You can still outsource your applications to a hosting service like Hostway and remain compliant with HIPAA, but you need to ensure that three main types of safeguards are in place: administrative, physical, and technical. This whitepaper from Hostway goes into greater detail on each of these, but here’s a brief overview.
Administrative safeguards are addressed when healthcare providers deploy policies and procedures that prove they are complying with HIPAA requirements. You know all those papers you have to sign at the doctor’s office and all those documents you have to read? Those are designed to help ensure that your information is kept confidential and that you understand those policies and procedures.
Physical safeguards include such things as locks on file cabinets, limiting personnel access to patient files, and limiting potential exposure of personal data at every exchange point. For example, when you go to the pharmacy, there’s a special window for patient consultation with the pharmacist designed to protect your conversation about your medications; you are encouraged to come inside to discuss your medicines rather than have those conversations at the drive-thru.
Finally, and most importantly for our discussion, there are technical safeguards. At Hostway, we provide a multitude of ways for you to protect confidential patient information and comply with HIPAA requirements. This whitepaper covers the details of HIPAA HITECH. Although there are still things that providers need to do to ensure complete compliance, Hostway can help you meet many of the requirements:
- Firewalls
- Intrusion Detection and Prevention Systems (IDPS)
- SSL and IPSec VPN
- Multi-Factor Authentication
- Internal PCI Vulnerability Scanning
- External ASV Vulnerability Scanning
- Web Application Firewall (WAF)
- File Integrity Monitoring
- Security Event Log Management and Monitoring
For a full discussion of the HIPAA information access management requirements, see this blog by Peter Hesse where he describes requirements for accessing electronic protected health information.
Once you read that, you might think that compliance seems almost out of reach, but Hostway has a solution called HIPAA HITECH that can help you address your HIPAA headaches.
For a free consultation, contact Hostway at 877.798.6239 or email us at sales@hostway.com. To learn more, visit our HIPAA page, where you’ll find resources on HIPAA and protecting your email.
When it comes to protecting your patients’ confidentiality, you simply cannot afford to take risks. But you also don’t have to break the bank trying to digitize your office. Hostway can help -- call us today!