Learn About HIPAA

HIPAA is a United States federal law, enacted in 1996, that required the creation of national standards to protect patients from having sensitive health information used or disclosed without their consent or knowledge.

Frequently Asked Questions

What does HIPAA stand for?

HIPAA stands for the Health Insurance Portability and Accountability Act.

Why is HIPAA important?

HIPAA is important because it sets national rules for how patients' protected health information (PHI) may be used, disclosed and safeguarded.

Unlike data that can be replaced after a breach, such as a credit card number (the card can be cancelled and a new one issued), leaked health information cannot be recalled or reissued.

Once health information is exposed, it stays exposed, and in some cases it can be used against the patient (for discrimination, extortion or fraud). HIPAA protects people from these risks and ensures that privacy standards are upheld. While HIPAA is a United States law, non-US businesses, including Canadian companies, that handle PHI for US covered entities or otherwise operate within the United States must also comply.

Who must comply with HIPAA?

Covered entities are health plans (including insurers), health care clearinghouses, and health care providers (hospitals, clinics, telehealth services, etc.) that transmit health information electronically. All of them must meet HIPAA compliance requirements.

In addition to covered entities, any business that performs functions or services for a covered entity and creates, receives, maintains or transmits PHI on its behalf (for example a cloud hosting provider, a billing service or a software vendor) must also be HIPAA compliant. These are called “business associates”, or BAs.

BAs must sign a Business Associate Agreement (BAA) with the covered entity before they handle its PHI. The BAA sets out the permitted uses and disclosures of the data and commits the BA to meeting and maintaining the safeguards HIPAA requires. A BA's own subcontractors that handle PHI need a BAA of their own.

Failing to follow HIPAA requirements, policies, and procedures can result in civil money penalties, corrective action plans or other enforcement from the government, for the business associate (if it is at fault for the data breach) as well as for the covered entity that collected and stored the protected health information.

To learn more about the cost of a HIPAA breach, read our blog post.

What is protected health information under HIPAA?

Under HIPAA, protected health information (PHI) is individually identifiable health information that relates to an individual's past, present, or future physical or mental health or condition, the provision of health care to that individual, or payment for that care, and that is created, received, maintained or transmitted by a covered entity or its business associate. The information must be identifiable (it can be linked to a specific person, for example through a name, date of birth, address, phone number, email address or medical record number) to qualify; health data that has been de-identified under the Privacy Rule's standards is not PHI.

Who enforces HIPAA?

The Office for Civil Rights (OCR) is in charge of enforcing HIPAA compliance. OCR is part of the U.S. Department of Health and Human Services (HHS) and enforces federal civil rights laws.

The agency protects individuals from unlawful discrimination based on race, color, national origin, disability, age, sex or religion, and as part of that mandate it oversees the enforcement of HIPAA requirements, investigates complaints and breach reports, and can impose penalties. State attorneys general can also bring civil actions for HIPAA violations.

What are the HIPAA rules?

1. Privacy Rule
This rule limits how covered entities and business associates may use and disclose PHI in any form (paper, oral or electronic) and gives individuals rights over their records, such as the right to access them and to receive an accounting of disclosures.
2. Security Rule
This rule requires administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic PHI (ePHI) wherever it is stored, accessed, or transmitted, including risk analysis, access controls, audit logging and transmission security.
3. Transactions and Code Sets Rule
This rule standardizes electronic health care transactions such as claims, remittances and eligibility checks, specifying the message formats (ASC X12 and NCPDP) and the medical code sets (e.g., ICD-10, CPT, HCPCS) they must use. Its purpose is interoperability of the transactions; the protection of PHI comes from the Privacy and Security Rules.
4. Identifiers Rule
This rule establishes standard unique identifiers for use in those transactions: the National Provider Identifier (NPI) for health care providers and the Employer Identification Number (EIN) for employers. A third identifier for health plans (HPID) was adopted and later rescinded.
5. Enforcement Rule
This rule sets out how OCR investigates complaints and conducts compliance reviews, the procedures for hearings, and the civil money penalties for HIPAA violations.

How can MedStack help with HIPAA compliance?

Becoming HIPAA-compliant can be a time consuming, expensive and complicated process. Companies can spend as long as six months, and as much as six figures on privacy lawyers, software developers, compliance consultants, and more.

MedStack can turn those months into several weeks and drastically reduce the costs of meeting HIPAA compliance for digital healthcare applications. We bundle all the services needed into an affordable monthly subscription.

Additionally, some covered entities in the United States require, by policy or by contract, that health data remain within the United States (HIPAA itself does not impose a data-residency requirement). MedStack helps with this by ensuring that American companies deploy only to data centers within the US.

You can achieve about 70% compliance through MedStack alone, and if you choose to work with one of our partners, you can quickly and easily become 100% HIPAA compliant.

Learn how our platform can help you become HIPAA compliant

We are the only platform that brings together compliance, security assessment responses, threat protection, and audit readiness into a complete offering, ensuring your application runs and manages data in the cloud with the highest privacy and security standards in mind.

Ready to join our MedStack community?

Get in touch today to learn more about how MedStack can help you become HIPAA-compliant.

Learn More

Check out a few of our blog articles about HIPAA to learn more.
