HIPAA is short for the Health Insurance Portability and Accountability Act. It’s a federal law in the US, creating national standards for protecting sensitive patient health information. The goal of HIPAA is to ensure that patients’ health information is protected securely, whilst also allowing the flow of information where necessary, to make sure that the patient gets correct, high quality health care. In the UK our equivalent is the Data Protection Act, but any companies operating in the US are required to adhere to HIPAA standards, so it’s important to be aware of.
HIPAA protects a whole variety of information pertaining to a client’s health and medical history, which can be in any form, be it oral, written or electronic. This is otherwise known as Private Health Information, or PHI. Types of PHI include:
HIPAA is divided into three components which organisations will need to take into account.
As we mentioned earlier, any company that operates in the US and accesses PHI needs to be aware of HIPAA compliance.
There’s a common misconception that only ‘covered entities’ need to comply - these include healthcare providers and organisations that provide healthcare plans.
There are also ‘business associates’: if your organisation handles PHI to any degree, for example in quality assurance or data analysis, you will also need to be compliant.
A HIPAA violation is separate from a HIPAA breach. A data breach becomes a violation when it’s the result of negligence or an ineffective, outdated HIPAA programme.
An example of a data breach is an employee’s work device that carries PHI being stolen; it becomes a HIPAA violation if the organisation hasn’t taken steps to protect such devices, e.g. by prohibiting them from being taken off work premises.
The penalty depends on the severity of the violation and a number of other factors. These include:
Penalties can include fines upwards of $100 and can go over $1 million for organisations, and even prison sentences depending on the severity.
We work with all types of businesses in many sectors, including organisations that need to achieve different levels of security compliance.
When we start working together we will talk with you to understand your business needs, and recommend the right actions to take and the products you need. We can also run awareness courses for your staff to make sure everyone is on the same page when it comes to compliance, so that no accidental breaches or violations take place.
We become a strategic IT partner and an extension of your business, so as your organisation grows we will adapt the work we do for you to ensure continued compliance.
Hopefully now you’ve got more understanding about how HIPAA works and if you need to comply. The most important thing is to be proactive, and working with a managed IT provider like Team Metalogic will ensure that you remain compliant and you can get on with doing what you do best.
We’re Team Metalogic, a managed IT support provider offering managed IT services to SMEs across the UK, with a proven track record, extensive experience and a full portfolio of industry accreditations and certifications.
Our stress-free solutions don’t complicate things; in fact, they improve efficiency and save money. We want to improve your IT services and security. Want support and security for your business and data?
Get in touch with us today - our team would love to chat with you!