HIPAA states that "a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis." Are you ready?
Online PR News – 20-September-2013 – On September 23, 2013, HIPAA compliance becomes mandatory for Covered Entities as well as for Business Associates and subcontractors that create, receive, maintain, or transmit Protected Health Information (PHI).
The new HIPAA Final Rule is very different from previous years. Business Associates (and their subcontractors) are now fully and directly liable for HIPAA violations. Covered Entities, however, are not entirely "off the hook" for downstream HIPAA compliance: the Final Rule applies the federal common law of agency, so a Covered Entity remains liable for the acts of a Business Associate that is acting as its agent.
For HIPAA Compliance, organizations need to address a number of requirements such as:
HIPAA Privacy (Notice of Privacy Practices, or NPP),
HIPAA Security (various Safeguards), and now
HIPAA Data Storage.
Business Associates (and the subcontractors they engage) may only need to comply with part of the Privacy Rule, depending on how the Business Associate Agreement is structured. All Business Associates (and subcontractors who act as Business Associates) must comply with the entire Security Rule, including the requirements that apply to data storage.
Traditional hosting providers usually prohibit PHI from being stored on their servers. Until the HIPAA Final Rule, however, there was little guidance on whether data storage companies are Business Associates subject to HIPAA compliance. The Final Rule now states:
"For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis."
For Covered Entities or Business Associates who store Protected Health Information with web hosting companies or cloud providers, now is the time to ensure that PHI is part of a HIPAA Compliance regimen. HealthCare Too offers these three simple questions to help Covered Entities and Business Associates determine if they need HIPAA Cloud Hosting:
1) Does the organization have a Business Associate Agreement with the hosting provider?
2) Has the hosting provider implemented appropriate safeguards to comply with HIPAA?
3) Can the organization retrieve all backups, audit logs, and other system administration material (for example, access logs and configuration records) for its account from the hosting provider?
If the answer to any of these three questions is not “Yes”, HealthCare Too’s HIPAA Cloud Hosting provides the assurance of high-performance, medical-grade HIPAA Cloud Hosting in a HIPAA-audited data center (auditor report available). You can get more information at our website (www.healthcaretoo.com), through email (firstname.lastname@example.org) or through our toll-free number (866-596-4325).
HealthCare Too (HCT) is a certified Women-owned Business Enterprise (WBE) that plays the "shared services" role for HIPAA Compliance, Cloud Hosting, and Data Storage. We help Covered Entities and Business Associates of any size with higher-performance, medical-grade computing and compliance resources... just like those found in the largest institutions and enterprises. HealthCare Too uses leveraged resources to provide better performance and contain costs. Whether an MD, DO, OD, DDS, LMT, nutritionist, acupuncturist, yoga therapist, long-term acute care facility, rehabilitation facility, pharmacy, retail clinic, surgery center, clearinghouse, insurance provider, Business Associate, or subcontractor... all need to be part of the digital healthcare system and comply with HIPAA for electronic protected health information. HealthCare Too makes that easier and less expensive.