The Health Insurance Portability and Accountability Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), was the result of efforts by the federal government to ensure healthcare data practices permitted ease for patients to move jobs, insurance and healthcare providers.
The goals and objectives of this legislation are to streamline industry inefficiencies, reduce paperwork, make it easier to detect and prosecute fraud and abuse while enabling workers of all professions to change jobs easily, even if they (or family members) had pre-existing medical conditions.
HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, confidentiality, and availability of the information. Healthcare organizations are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both in transit and in storage). As proposed, a HIPAA-compliant information system will need to include a combination of administrative procedures, physical safeguards, and technical measures to protect patient information while it is stored and while it is transmitted across communications networks. IBackup provides critical data security protection without compromising patient privacy and can help customers achieve HIPAA compliance.
IBackup assists healthcare providers to be HIPAA compliant in these areas:
Preventing Unauthorized Access
Unauthorized access to individually identifiable health records is strictly forbidden, so care must be taken on how records are backed up, transported offsite and accessed to prevent unauthorized access.
Customers’ data is encrypted and transmitted securely to a vault that resides at a world-class data center that is insured to provide data protection services.
Access to the vaults and the data center is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized use or disclosure of customer data.
Logical access to the data is strictly controlled, with a secure user interface, which provides the ability to set password policies and assign users rights to manage the backup of specific servers. More importantly, access through the web does not permit a user to view the contents of data.
Healthcare providers must retain health records (electronic, written and oral) for a minimum of six years in accordance with the HIPAA privacy final ruling. Data will remain in the IBackup vaults for as long as the client chooses to retain it. IBackup does not have access to the contents of the data files stored.
Note: Many of the compliance items require usage of the optional private encryption key that is known only to you and not stored on IBackup servers.