What is HIPAA compliance?
The Health Insurance Portability and Accountability (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) acts, enforced by the U.S. Department of Health and Human Services, provide federal protections for personal health information held by Covered Entities and give patients an array of rights with respect to that information. They further specify a series of administrative, physical and technical safeguards for covered entities to use to assure the confidentiality, integrity and availability of electronic protected health information (ePHI).
Meeting the HIPAA demands of the Department of Health and Human Services
Organizations considered to be a Covered Entity include: health care providers, health plans, and health information clearinghouses that process health care information. A Covered Entity must be able to demonstrate HIPAA compliance. Further, third parties providing business services to Covered Entities must provide reasonable assurances that they will appropriately safeguard ePHI.
Expedient is your managed services data center provider for HIPAA compliance
In addition to a wide range of complementary managed data center services, Expedient can act as a HIPAA Business Associate and provide the following written assurances:
- Service Organization Control (SOC) 1 Report (aka SSAE-16)
- Service Organization Control (SOC) 2 Report (availability, confidentiality & security)
- HIPAA Policy Manual
- HIPAA Business Associate Agreement (BAA)
Having a BAA with Expedient will satisfy the Department of Health and Human Services Office of Civil Rights’ requirement for having a legal framework with us as a trusted third party partner. While hosting with Expedient doesn’t exclusively make an organization compliant with HIPAA, it does reduce the time and expense associated with many of the requirements.
More information about HIPAA is available from the U.S. Department of Health and Human Services.