Eagle Custom HIPAA Procedure Solutions Include
- Developing procedures to safeguard remote access to client systems
- Training employees on confidentiality of client data
- Using encryption where appropriate and necessary
- Using rigorous procedures to secure confidential data on hosted systems
- Placing subcontractors under business associate agreements
Begin with a HIPAA Privacy & Security Policies Template:
Eagle offers a full set of comprehensive HIPAA Privacy & Security Policy Templates for immediate download.
HIPAA Policy Solutions for Technology Companies
Eagle develops procedures customized to your business model for technology companies that are business associates under HIPAA.
Software providers and value-added resellers who offer software support and who are exposed to their customers’ protected health information have their own HIPAA obligations.
These obligations began February 17, 2010, one year after President Obama signed the HITECH Act in Denver, Colorado.
Many software authors and VARs assume that these obligations are not yet in effect. Congress instructed the federal Department of Health and Human Services to translate the HITECH statute into regulations by February 17, 2010, but the regulations are more than two years late. The latest scheduled release date is March 2012, but this, too, may be missed. And the HHS Office of Civil Rights, the agency with responsibility for enforcing the HIPAA regulations, has stated that it will not begin enforcing these regulations until 6 months after it publishes the final rules.
However, see the post “Wake-up Call for Business Associates – Comply with HIPAA Now.” Many were surprised when Minnesota State Attorney General Lori Swanson sued a HIPAA business associate after a data breach under the authority of the HITECH Act. AG Swanson found the HITECH Act itself very clear, without further need of translation into federal regulations. The HITECH Act gave state attorneys general authority to enforce HIPAA, spells out business associate obligations very clearly, and makes clear that these obligations began more than two years ago.
The HITECH Act obligates “business associates” (and most medical software companies and VARs are business associates) to comply with most of the HIPAA Security Rule. This involves physical, technical and administrative safeguards to protect the confidentiality, integrity and availability of PHI.
Appropriate procedures include safeguarding remote access to client systems, training employees on confidentiality of client data, using encryption where appropriate and necessary, using rigorous procedures to secure any confidential data on hosted systems, placing subcontractors under business associate agreements, and other procedures.
The required procedures will vary with the business model of the technology company — one size does not fit all. Eagle has over a decade of experience developing procedures for business associates. These obligations began long ago. What is different now is that the business associate is subject to the civil and criminal penalties of HIPAA — including jail time. Contact us for more details.