Pagoda Blog

We’ve all encountered HIPAA (The Health Insurance Portability and Accountability Act) at the doctor’s office, pharmacy, or when conducting a transaction with your insurance company. HIPAA works to safeguard and place limits on the uses and disclosures of PHI (personal health information) and violations of HIPAA result in financial or criminal penalties. At first glance, it may seem that only businesses and organizations in the healthcare sector would need to ensure HIPAA compliance, but if you ever handle or have access to PHI, the law also applies to your business. 

 

Who needs to be HIPAA compliant? 

Covered entities and business associates (basically any business that handles PHI) need to be HIPAA compliant. The U.S. Department of Health and Human Services (HHS) defines covered entities as “health plans, health care clearinghouses, and health care providers who transmit any PHI electronically in connection with a transaction for which HHS has adopted a standard.” A business associate is an outside contractor who helps a covered entity carry out its health care activities and functions. 

 

But what exactly falls under personal health information? As it turns out, PHI encompasses quite a wide variety of data, including your date of birth, home address, phone number, social security number, account number, full face photos, or health plan beneficiary numbers. Accountable defines PHI as "any personal health information that can potentially identify an individual, that was created, used, or disclosed in the course of providing healthcare services, whether it was a diagnosis or treatment." 

 

Under the HIPAA Security Rule, safeguards must be put in place to ensure the confidentiality, integrity, and availability of PHI. These safeguards prevent unauthorized persons from accessing your health information. It also requires that individuals understand their privacy rights, including their ability to control how their information is used. (This is why you sign the HIPAA agreement at your doctor’s office.) The HIPAA Privacy Rule controls who has access to PHI, how it can be used, and who it can be disclosed to.

 

If your business provides services to a covered entity, such as a doctor’s office, psychologist, dentist, chiropractor, pharmacy, or nursing home, then you should obtain HIPAA compliance.    

 

For example, as a Managed Service Provider, Pagoda encounters PHI when we provide IT services to clients who are either a covered entity or a business associate. Obtaining our HIPAA seal of compliance was necessary to effectively and legally protect the PHI that we indirectly encounter through our work.  

 

How does a business become HIPAA compliant? 

If you are a business associate and need to achieve HIPAA compliance, you will need to go through a multi-step process through a verified agency like the Compliancy Group. The Compliancy Group provides software with live coaching to help you complete all the legally required steps to earn your HIPAA seal of compliance. These steps include the following: 

 

1. Implementing written policies, procedures and standards of conduct

2. Designating a person to ensure they are followed

3. Conducting effective training and education 

4. Developing effective lines of communication

5. Conducting internal monitoring and auditing

6. Enforcing standards through well-publicized disciplinary guidelines 

7. Responding promptly to detected offenses and undertaking corrective action

 

Undertaking HIPAA compliance is necessary to ensure the privacy and security of PHI and to avoid fines (the average fine for HIPAA violation is $1,500,000!) or potential criminal penalties. The seal of compliance also sets your business apart, underscoring your professionalism, expertise, and commitment to data privacy and security. 

 

One final item of note is the use of paper forms versus digital. Using paper forms for new patient registration and signing notices of privacy is still a very common practice among healthcare providers. The thing is, paper forms are an inconvenience—they’re long, tedious, and prone to error. But now, with HIPAA compliant online forms, getting patient registrations and important signatures is better and easier while still being safe and secure.

 

Interested in achieving HIPAA compliance for your business? Pagoda is a Compliancy Group partner, so don’t hesitate to reach out with questions about the process or what it’s like working with them. We’re happy to share with you our personal experience and the knowledge we’ve gained regarding HIPAA compliance.  

 

Related reading: 

Is Your Website ADA Compliant? 

Are You Doing All You Can to Protect Your Customer Data?

How to Leverage Cybersecurity as a Competitive Edge for Your Business

 

Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing. 

 

 

 

Want IT to serve you better?

 

 

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.