If your office interacts with any kind of health information, then you are subject to HIPAA compliance.
Recently it has been found that fax machines and scanners, such as MRI machines, are being hacked more often simply because they lack sufficient security and are gateways to patient medical records.
As per the 2009 HITECH addendum to the HIPAA act, anyone dealing with patient information needs to abide by HIPAA regulations or face serious penalties and fines.
Anyone who touches patient information falls under HIPAA
Many organizations don’t realize just how broad the risks are when dealing with patient information.
For example, if you get into an accident, your doctors have your information, and they must then send related treatment info to the insurance company. Then, if the accident is a 50/50 fault, the other person's insurance company will get to look at your information as well.
HIPAA is not just for doctors' offices. It is for practices, hospitals, insurance companies, even IT companies.
Anyone who sees or touches the records of any patient must abide by HIPAA rules. Even the patients themselves.
work with a company that is. Specific and practical working knowledge of the Security Rule, which deals with technology used in health care, is essential.
To protect your care organization, the best and easiest thing to do is to have a trusted service provider who implements a Business Associate Agreement to reduce the risk you would otherwise face handling IT security on your own.
As a health care IT company, Asgard MSP secures all its clients with a BA agreement. This, on top of a comprehensive managed IT security solution, goes beyond managed security to reduce legal liabilities for your care organization.
At the end of the day, using HIPAA as a guideline to protect yourself and your company has more benefits than costs.
Asgard can provide an evaluation of your office to verify HIPAA compliance. Contact us below.
A robust security platform like EverShield should include:
• The ability to secure IoT machines on a private network.
• A BAA (Business Associate Agreement).
• Multiple communications modalities within the app to avoid user errors.
• Data not stored or cached in third party data centers without a BAA in place.
• Encryption for data in transit and data at rest.
• Ability to meet state-by-state HIPAA data retention requirements.