PHI archives - Regulatory Compliance, Governance and Security


Sep 26 2009   10:12PM GMT

HIPAA Security Rule | Another area for Data Center Compliance
Posted by: Charles Denyer
HIPAA Security Rule, ndbcpa, PHI, data centers, audit, Protected Health Information

As with the Privacy Rule, the Security Rule is also an important provision that data centers should be compliant with.

Security Rule: The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI) including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI). It essentially identifies the three types of security safeguards required for compliance:

• Administrative
• Physical
• Technical

EMR: Regarding Electronic Medical Records, the HIPAA Privacy Rule and Security Rule provisions essentially account for the safekeeping of EMRs. Thus, a HIPAA | EMR audit conducted in accordance with the HIPAA Privacy Rule and Security Rule would test the safeguards applied to EMRs, effectively bringing them into the scope of the audit.

And with the growth of data centers, co-location facilities, and other managed services entities, being compliant with HIPAA would be a smart move. Any organization that is physically housed in a data center would arguably require that very data center to be HIPAA compliant. Find a competent, well-skilled HIPAA auditor to assist you in this endeavor.

Sep 26 2009   10:07PM GMT

HIPAA Privacy Rule | Attention Data Centers | Are you HIPAA Compliant?
Posted by: Charles Denyer
HIPAA Privacy Rule, SAS 70, PCI, PHI, Protected Health Information

First it was SAS 70, then PCI, now HIPAA is fast becoming a requirement for data centers. Here’s what you need to know about the HIPAA Privacy Rule.

An electronic medical record (EMR) is usually a computerized legal medical record created within an organization whose health information system allows these records to be stored, retrieved and manipulated.

Electronic medical records, like hard-copy medical records, must be kept in unaltered form and authenticated by their creator. Under data protection legislation such as HIPAA, responsibility for patient records (irrespective of the form in which they are kept) always rests with the creator, together with one of the many custodians of the records, usually a health care practice, facility, or entity such as DATA CENTERS.

Privacy Rule: The HIPAA Privacy Rule regulates the use and disclosure of certain information held by “covered entities”, which includes health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions. It establishes regulations for the use and disclosure of Protected Health Information (PHI).
Although HIPAA was enacted in 1996, the enforcement of the Privacy Rule began in 2003. The Privacy Rule mandates the following:

• Regulates the use and disclosure of protected health information by health plans, health care clearinghouses, and health care providers who transmit financial and administrative transactions electronically.
• Establishes a set of basic consumer protections.
• Permits any person to file an administrative complaint for violations.
• Authorizes the imposition of civil or criminal penalties.

If your data center needs to be compliant with HIPAA, then find a competent auditor to assist you.