HIPAA Compliance


Sotero’s HIPAA Compliance

What is HIPAA?

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Who needs to comply?

According to HIPAA, if you belong to the category of “covered entities” or “business associates,” and you handle “protected health information (PHI),” you and your business are required to be HIPAA-compliant. “Covered entities” describes U.S. health plans, health care clearinghouses, and health care providers.

What if you don’t comply?

The penalties for non-compliance with HIPAA regulations are substantial. Since the compliance date of the Privacy Rule in April 2003, OCR (the Office for Civil Rights) has received over 171,161 HIPAA complaints and has initiated over 870 compliance reviews. OCR has investigated and resolved over 25,637 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates. Corrective actions obtained by OCR from these entities have resulted in change that is systemic and that affects all the individuals they serve. OCR has enforced the HIPAA Rules by applying corrective measures in all cases where an investigation indicated noncompliance by the covered entity or its business associate. To date, OCR has settled or imposed a civil money penalty in 53 cases, resulting in a total dollar amount of $75,229,182.00.

How can Sotero help you be HIPAA compliant?

A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing. Sotero’s built-in security features allow you to be HIPAA compliant without going through a complicated audit and enforcement process.

While the HIPAA Privacy Rule addresses the saving, accessing and sharing of an individual’s medical and personal information, the HIPAA Security Rule outlines the security standards for protecting health data that is created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI). Once Sotero’s implementation process is complete, HIPAA data is encrypted and stored in a protected form that cannot be accessed without valid access credentials and without the valid data access gateways.

Sotero ensures that the data environment has the necessary administrative, physical and technical safeguards in place, as compliance requires. The physical and technical safeguards are the most relevant to the services provided by your HIPAA compliant host, as listed below.

  • Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about the use of and access to workstations and electronic media. This includes transferring, removing, disposing of and re-using electronic media and electronic protected health information (ePHI).
  • Technical safeguards require access control so that only authorized users can access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log-off, and encryption and decryption.
  • Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts, to protect against unauthorized public access to ePHI.

Because the data is encrypted and protected both when stored and when in use, access to or transmission of that data outside the context of Sotero’s application gateway is meaningless to anyone who is not authorized to use it, which protects the provider from a compliance standpoint.

Finally, through Sotero’s “Detect” audit capabilities, the necessary audit reports and tracking logs are produced to keep records of activity on the hosted infrastructure. This is especially useful for pinpointing the source or cause of any security violation. You will be able to produce reports that clearly show regulators that the identified and classified data elements are maintained as the regulations require.

For more information on how you can use Sotero to make your organization HIPAA compliant, please contact us at info@soterosoft.com.