HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
The HIPAA Privacy Rule addresses the saving, accessing, and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained, or transmitted electronically, also known as electronic protected health information (ePHI).
R&D Health Services LLC works with LiquidWeb; a HIPAA compliant hosting provider. Physical safeguards of our hosting provider include limited facility access and control, with authorized access in place.
Our hosting provider implements policies about use and access to workstations and electronic media. This includes transferring, removing, disposing, and re-using electronic media and electronic protected health information (ePHI).
Our hosting provider also abides by technical safeguards which require access control to allow only the authorized to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off and encryption and decryption.
Audit reports, or tracking logs, are also implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations.
Technical policies also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied, and patient health information can be recovered accurately and intact.