No matter what business you’re in, information and technology management is important for success. But in the health-care realm, the ability to keep data safe and secure is even more paramount. That’s because government regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA) state that all protected health information must be strictly protected — and that any breach of such information must be reported immediately.
In addition, the HITECH Act expanded the scope of who was responsible for meeting HIPAA regulations by including any third-party business associate that handles or processes personal health information for a covered entity like a hospital, insurance company, or medical provider. That means financial, accounting, legal, billing, claims processing, and IT firms that work with the health-care industry, along with all of the third-party vendors that they use.
So why does HIPAA-compliant IT support matter? With the new breach notification requirements, companies that mishandle health information can now be audited, fined, or slapped with civil or criminal charges. And that doesn’t even take into account the hit to a company’s reputation that comes with a data breach.
Take the recent announcement that Anthem, Inc., the second-largest health insurance provider in North America, inadvertently exposed the medical information, Social Security numbers, and email addresses of over 80 million consumers. Regulatory fines will certainly be forthcoming — but tens of thousands of Anthem clients have already filed class-action lawsuits against the company, as well.
In our current data breach-sensitive day and age, the revelation of a situation like Anthem’s can lead to productive changes in the world of HIPAA-compliant IT support. Unfortunately, some of those changes include major IT providers deciding to walk away from the health-care industry altogether.
At CMIT Solutions, we’ve put in the extra time and effort to make sure our IT solutions are HIPAA-compliant. Below are some of the most important ones that small businesses rely on:
• Data encryption. HIPAA regulations require that data be encrypted at rest in the data centers where it resides, in transit across the Internet, and to and from the cloud. Anthem’s data breach resulted from data on its servers not being encrypted, presumably so employees had easier access to it. But such shortcuts are reflective of outdated IT policies that don’t meet today’s needs.
• Strong backup, recovery, and eradication capabilities. HIPAA rules dictate several requirements for storing data: backups must reside in certain locations; retrieval of data must be overseen through access control and login monitoring; data must be kept available, even in the event of a disaster; and old storage systems must be destroyed, not reused. No small business owner should be expected to add worries to his or her day-to-day duties — that’s what a HIPAA-compliant IT provider is for.
• Tested policies and procedures. This might not seem to fall under the IT umbrella, but best-practices policies and procedures can save your business from a HIPAA-related disaster down the road. A trustworthy and truly HIPAA-compliant IT provider will have Business Associate Agreements, Privacy and Security Rule Risk Assessments, and other documents ready for your perusal and implementation.
At CMIT Solutions, we understand the complexities of IT support for the health-care industry, and we’ve worked hard to meet HIPAA regulations. We offer proven solutions that can deliver positive outcomes and an unparalleled level of care while increasing your efficiency and productivity. Contact us today to find out how we can be your all-in-one IT provider.