Despite the fact that the Health Insurance Portability and Accountability Act (HIPAA) has been on the books for almost twelve years, most smaller medical practices do not have a firm understanding of how their record-keeping computer systems should be backed up.

HIPAA Guidelines and Regulations

Title II of HIPAA, the Administrative Simplification (AS) provisions, specifies rules and requirements on privacy and security management of health information. Under Title II, the Department of Health and Human Services (HHS) outlines regulations for the use and dissemination of personal health care information. These rules apply to covered entities, including health plans, health care clearinghouses (such as medical billing services and community health information systems), and health care providers that transfer health care information in a way that is regulated by HIPAA. [Code of Federal Regulations, Title 45, Volume 1]

The Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information about health status, provision of health care, or payment for health care that can be linked to an individual. This includes any part of a patient's medical record or payment history. [Code of Federal Regulations, Title 45, Volume 1]

The Security Rule deals specifically with Electronic Protected Health Information (EPHI) and requires Administrative Safeguards - policies and procedures designed to clearly show how the entity will comply with the act.

Covered entities that out-source some of their business processes to a certified third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements. Companies typically gain this assurance through stipulations in the contracts stating that the vendor will meet the same data protection requirements that apply to the covered entity.
Care must be taken to determine whether the vendor further out-sources any data handling functions to other vendors, and to monitor whether appropriate contracts and controls are in place.

A contingency plan should be in place for responding to emergencies. Covered entities are responsible for backing up their data and maintaining a disaster recovery procedure. The plan should document data priority and failure analysis, testing activities, and change control procedures.

Internal audits play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. Audits should be both routine and event-based.

In order to have an online backup that is HIPAA compliant, you need to meet all the requirements of the Final HIPAA Security Rule dated February 2003 and required after April 21, 2005. BackupRight.com exceeds the standards set in the Security Rule by encrypting all data before it is sent over a secure SSL connection to the remote backup service. The encryption key is generated by the customer and is known only to the customer; the key is not transmitted to the HIPAA compliant online backup server. All data stored by BackupRight.com is encrypted with military grade encryption and not accessible to the backup provider or employees. Your data is fully secure and safe.

The local backup client encrypts all data prior to transmission to the remote systems. Data can only be recovered by transmitting it back to the local client, which decrypts the data using the encryption key.

BackupRight.com Pro edition exceeds the requirements to help companies comply with the final Security Rule. BackupRight.com also complies with the Privacy Section even though by definition Remote Backup Providers are not considered to be 'Covered Entities' as defined by the current rules.
At this time there is no 'HIPAA Compliance' certification for backup providers, and it is important to understand that, because there is no regulation that specifically addresses backup and privacy software, no service is truly 'HIPAA Compliant'.

Trust BackupRight.com for your HIPAA Backup

Please note that, although all information presented in this article is believed to be factually correct, this summary is not intended to give legal advice. Please consult with your legal counsel if you have questions about your specific situation.
Article Source: http://www.search4allinfo.com
John Blackman - IT Security Professional