The HIPAA Security Rule outlines national security standards intended to protect health data created, received, maintained, or transmitted electronically.
It basically says that any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
There are three parts to the HIPAA Security Rule: administrative, physical, and technical safeguards.
TrueVault meets or exceeds all HIPAA laws and requirements in the technical and physical safeguard categories. HIPAA hosting environments such as Amazon AWS or Firehost only cover physical safeguards, therefore potentially exposing you to HIPAA violations.
The administrative components are really important when implementing a HIPAA compliance program. You are required to:
Companies who can help with the administrative components of a HIPAA compliance program:
The technical safeguard requirements for HIPAA compliance are as follows. Be sure to see our note about the distinction between required and addressable safeguards below.
ePHI is electronic protected health information. Any time you're dealing with protected health information (PHI) you are governed by HIPAA laws.
Many of the implementation specifications above in the "HIPAA Security Rule Checklist" are listed as addressable. Specifications that are HIPAA requirements must be implemented. Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; the choice must be documented. It is important to remember that an
Most HIPAA hosting companies should implement the addressable specifications as well, since they are best-practice data security features anyway.
The Physical Safeguards requirements for HIPAA compliance document the access control and validation of people getting to the servers where ePHI is stored. They also detail the emergency recovery requirements and the re-use and disposal of media that holds ePHI.
Typically, HIPAA hosting providers only cover these physical safeguards, not the technical safeguards. Therefore hosting your application in a HIPAA compliant environment is not enough to make your app itself HIPAA compliant, and it leaves you open to HIPAA violations, which can reach a maximum penalty of $50,000 per violation, with an annual maximum of $1.5 million.
Make your app HIPAA compliant today. You can be up and running in minutes, with no credit card and no trial expiration.
Skip the red tape of managing the physical safeguards yourself and head straight to developing amazing new solutions for the healthcare industry with TrueVault.