02-06-12 | Blog Post
Our third most important question to a Business Associate is:
What policies and technologies are used to protect my applications and PHI data?
Neither HIPAA nor HITECH call for specific technical measures to assure PHI data is available, accurate and secure. However, there are still basic technologies and practices that indicate a culture of security awareness and proficiency. After you review the BA’s independent HIPAA audit report, ask about these data security technologies.
In our case, as a hosting provider, the minimum server security requirements to meet HIPAA compliance are:
We also recommend:
Is encryption required?
We are asked this repeatedly, and the answer is “No, but it’s a darn good idea.” Encryption is usually handled at the software application level, so if you are working with a Business Associate who is providing software, ask how they address it in the application. If you are putting your own software on a server, you’ll undoubtedly have taken encryption into account. Encryption requires decryption prior to use which is computationally expensive, so you can’t just encrypt everything on the server. The best tools and methods depend on the application, operating system and usage patterns. Look for the following best practices:
Important HIPAA policies to ask about:
Next week, we’ll talk about important questions to ask about disaster preparedness and how long it will take for you to access your PHI again in the event disaster strikes.
Are you going to HIMSS 12 in Las Vegas, Feb. 20-24? If so, stop by our Booth (#13528) and say hello! Online Tech will be exhibiting at HIMSS with our HIPAA compliant hosting solutions for healthcare and related organizations.
References:
HIPAA FAQ
What Services From Online Tech Help Make Me Compliant?
Encrypting Data to Meet HIPAA Compliance
SearchHealthIT: How to Comply With the HIPAA Security Rule
More HIPAA Resources
For HIPAA Compliant hosting, call 877.740.5028 or email [email protected]