Thursday, September 12, 2013

How To Evaluate A Hipaa Compliant Data Center

If you host your data with a HIPAA compliant data center, certain administrative, physical and technical safeguards should be in place, as defined by the U.S. Department of Health and Human Services.

Although all service providers tout their data centers as secure, how do you confirm that one truly is HIPAA compliant?

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company dealing with patient records must make sure all the required physical, network and process security measures are in place and followed.

The Minimum Safeguards

When evaluating providers, the following safeguards must be in place:

- Physical safeguards - include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use of and access to workstations and electronic media. This requirement includes transferring, removing, disposing of and re-using electronic media and protected health information (abbreviated as PHI).

- Technical safeguards - require access control to allow only authorized personnel to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption.

- Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This procedure is especially useful to pinpoint the source or cause of any security violation. Solution providers should keep very detailed records in their building monitoring system, down to the second when somebody accessed a badge reader on a door.

- Technical policies - should also cover integrity controls, or measures put in place to confirm that PHI hasn't been altered or destroyed. IT disaster recovery and offsite backup are key to ensuring that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and in full. A HIPAA compliant data center must ensure the crucial healthcare data it handles for providers and insurers will be safe and protected in the event of a mishap.

- Network, or transmission, security - is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access to PHI. This requirement covers all methods of transmitting data, including email, the Internet, or even a private cloud network.

Turn to Audit Reports

Healthcare IT departments can ensure HIPAA compliant hosting by running their servers and data storage in HIPAA compliant data centers. The best way to make certain the required security is in place is to review the data center's SAS 70 or SSAE 16 audit report. The audit report should specifically cover the processes for the data center's physical security, network security and access control to the data on the server.

A SAS 70 certification confirms the data center complies with well-known auditing standards. The audit is conducted by an independent, third-party CPA. SAS 70 certification includes two types of audit reports:

- Type I - The first step in the auditing process evaluates the organization's description of its existing controls.
- Type II - Includes the Type I report and evaluates how the controls were operating from when the Type I report was first conducted to six months thereafter.

The Staggering Price of Non-Compliance

HIPAA has been in place for a long time now, but its enforcement and the financial impact of violations have been hard to see in the past. However, recent cases show violations can be costly.

Massachusetts General Hospital discovered Health and Human Services is getting serious about HIPAA violations. The hospital agreed to pay $1 million to settle potential HIPAA violations. Massachusetts General's case involved the loss of protected health information (PHI) of 192 patients. The loss works out to over $5000 per record.

A supplemental act was passed in 2009 called the Health Information Technology for Economic and Clinical Health (HITECH) Act, which strengthens HIPAA requirements by raising the penalties for health organizations in violation of the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and greater use, storage and transmittal of electronic health information.

Healthcare IT organizations must ensure HIPAA compliant data centers have the required safeguards in place. A SAS 70 certified data center can help demonstrate compliance. Staying well informed of regulatory changes will help meet requirements and avoid costly penalties.
