Things Every Small Business Needs to Know About HIPAA Hosting

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, puts forth specific requirements for the way businesses manage patient information . More and more healthcare facilities are moving their records into digital format, making it increasingly important for small businesses to understand HIPAA as it relates to online hosting of personal and private information.

Things Every Small Business Needs to Know About HIPAA Hosting
Image via Flickr by garryknight

Independent Auditors are Important

The best way to verify a hosting company’s reliability is to have it audited independently against the most recent OCR HIPAA Audit Protocol. Don’t do business with any company that is less than 100% compliant in this evaluation. Your HIPAA compliance audits take place independently of the hosting site’s, but working with a host that is itself HIPAA compliant is a big step in the right direction. Managing medical files is much more delicate than other types of cloud computing, so you should work with a company that is familiar with this specific process.

Electronic Health Records Must be Available to Patients

HIPAA-covered businesses that use electronic health records must honor patients’ requests for electronic copies of said records within 30 days of notice. These businesses must also honor patients’ requests for an accounting of all disclosures of these electronic records. Make sure your chosen hosting site can provide these records and information within a reasonable amount of time so you can stay compliant with these requirements.

Understanding Safety Measures is Essential

Secure Information
Image via Flickr by Natasha Lopezbj

Your HIPAA hosting site must use a number of safety measures to protect the personal information of your patients. Some things to look for include:

  • Data access controls
  • A private firewall
  • Third-party antivirus protection
  • Data encryption that meets NIST standards
  • Physical security measures at data centers
  • Upon request, the host should also provide a network diagram of the data center’s topology and detailed information on their cloud security practices.

    You Must Know How the Information is Removed or Destroyed

    Your primary focus is probably on the storage and safekeeping of your patient documents, but it’s important to discuss what happens to the information after removal as well. When you remove patient records from the host’s site, it needs to destroy all traces of the file so the host does not keep a copy. A thorough Business Associates Agreement will cover what happens to data upon removal as well as what happens to your files if you end your services with the host.

    The Fine Print is Important

    Before you make a final decision about the security and reliability of a HIPAA host for your medical documents, make sure you read through the Provider’s Service Level Agreement and all other paperwork thoroughly. You need to know what will happen in a server outage. Find out what dangers equipment failures pose and how your information stays protected in these instances. Stay ready for all contingencies.

    Pay close attention to the overall information management and protection that’s available when you use a HIPAA host to make sure your small business is always in compliance with current laws and your patients are always well-protected.

    DJ Miller is a graduate student at the University of Tampa. He is an avid gadget geek who spends most his time writing on anything tech related. In his spare time he likes to travel, play soccer, and watch movies. You can follow him on twitter @MillerHeWrote.

    Follow Me

    More posts