Connectria Hosting- HIPAA Compliant Hosting Services

Supporting HIPAA Compliance Through Managed Hosting
  • Date posted: 07-May-2015
  • Category: Technology


description

Connectria provides HIPAA Compliant Hosting for customers in the healthcare and dental industry or anyone who must comply with the HIPAA and HITECH Act security standards surrounding the storage of Protected Health Information (PHI). Our services include:

  • HIPAA Cloud Hosting
  • HIPAA Managed Hosting (Dedicated Server Hosting)
  • HIPAA Hybrid Hosting (a combination of Cloud Hosting and Dedicated Server Hosting)

100% HIPAA Compliant & Business Associates Agreement (BAA) Friendly: Our world-class data centers and hosting services successfully undergo independent 3rd party HIPAA assessments to demonstrate our 100% HIPAA compliance, allowing our many healthcare and dental customers to satisfy their HIPAA security obligations. Connectria also provides hosting for many SaaS providers requiring HIPAA compliance, as well as organizations looking for HIPAA Compliant Cloud Storage. We are also Business Associates Agreement (BAA) friendly, and routinely enter into Business Associates Agreements with our customers.

Transcript of Connectria Hosting- HIPAA Compliant Hosting Services

1. Supporting HIPAA Compliance Through Managed Hosting

2. Agenda
  • HIPAA Defined
  • HIPAA Compliance and Non-Compliance
  • Managed Hosting and HIPAA Compliance
  • Connectria's HIPAA Solutions

3. Disclaimer
As you will see throughout this presentation, it is the customer's sole responsibility to assure that it takes appropriate steps to achieve compliance with its HIPAA obligations. Connectria makes no representations or warranties of any kind that customers will be HIPAA compliant by solely utilizing Connectria's services.

4. What is HIPAA?
Health Insurance Portability & Accountability Act. Designed to improve the efficiency and effectiveness of the American health care system:
  1. Group and individual insurance reform
  2. Accountability
  3. Administrative Simplification

5. The Broad HIPAA Legislation
HIPAA legislation consists of five titles:
  • Title I: Health care access, portability and renewability
  • Title II: Preventing health care fraud and abuse; administrative simplification; medical liability reform
  • Title III: Tax-related health provisions
  • Title IV: Application and enforcement of group health plan requirements
  • Title V: Revenue offsets

6. More on Title II
Administrative Simplification requires:
  • Improved efficiencies through standardized EDI (electronic data interchange)
  • Privacy and security of health data through standards enforcement
In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) extended HIPAA privacy and security requirements as well as increased enforcement.

7. Electronic Information and HIPAA
  • HIPAA applies to all forms of information; however, electronic data raises a distinct set of guidelines, particularly for security
  • Protected Health Information (PHI or EPHI) is individually identifiable health information (e.g. name, phone #, email, SS #, etc.) that is transmitted by, or maintained in, electronic media or any form or medium

8. HIPAA Security Safeguards (Source: Gartner)
  • Administrative
      • Security Management Process
      • Assigned Security Responsibility
      • Workforce Security
      • Information Access Management
      • Security Awareness and Training
      • Security Incident Procedures
      • Contingency Plan
      • Evaluation
      • Business Associate Contracts and Other Arrangements
  • Physical
      • Facility Access Controls
      • Workstation Use
      • Workstation Security
      • Device and Media Controls
  • Technical
      • Access Control
      • Audit Controls
      • Integrity
      • Person or Entity Authentication
      • Transmission Security

9. HIPAA Applies to Covered Entities (Source: US Dept of Health and Human Services, HHS.gov)
A Covered Entity is one of the following:
  • A Health Care Provider: Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, Pharmacies, but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
  • A Health Plan: Health insurance companies, HMOs, Company health plans, Government programs that pay for healthcare, such as Medicare, Medicaid, and military and veterans health care programs.
  • A Health Care Clearinghouse: Entities that process non-standard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

10. Achieving Compliance (Source: Gartner)
  • Understand the laws and compliance
  • Seek outside counsel if necessary
  • The security rule is expressed as a set of standards and implementation specifications, with some flexibility built into the law
  • STANDARDS
      • Are required and must be met; however, they can be met in any fashion that is reasonable and appropriate for a given organization
  • IMPLEMENTATION SPECIFICATIONS
      • Are required or addressable (but not optional)
      • Organizations must document any addressable specification deemed not reasonable or appropriate

11. Potential Cost of Non-Compliance
  • Civil and criminal penalties for privacy and security violations
  • HITECH Act strengthened enforcement
  • Fines up to $25,000 for multiple violations of the same standard in a calendar year
  • Fines up to $250,000 and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information

12. Breaches and Penalties are Real

13. The HIPAA Solution Misconception
There is no such thing as a HIPAA Compliant Managed Hosting Solution:
  1. HIPAA Compliance extends well beyond securing electronic data (Titles I-V)
  2. Managed Hosting Companies are not Covered Entities
  3. Managed Hosting Companies can support but not guarantee compliance

14. Connectria's HIPAA Solutions
  • Connectria has a HIPAA solution for any type of covered entity
  • Supports a wide range of mission critical systems including:
      • Solutions for healthcare related software companies (e.g. SaaS)
      • Packaged and customized HIPAA Solutions
      • Extranets/Intranets
      • Email environments
      • Disaster recovery environments
      • e-learning systems
      • Electronic Medical Records (EMR) systems
      • Patient management systems
      • Billing systems, e-Commerce websites

15. Connectria's HIPAA Solutions
  • Administrative
      • Security Management Process
      • Assigned Security Responsibility
      • Workforce Security
      • Information Access Management
      • Security Awareness and Training
      • Security Incident Procedures
      • Contingency Plan
      • Evaluation
      • Business Associate Contracts and Other Arrangements
  • Physical
      • Facility Access Controls
      • Workstation Use
      • Workstation Security
      • Device and Media Controls
  • Technical
      • Access Control
      • Audit Controls
      • Integrity
      • Person or Entity Authentication
      • Transmission Security

16. A Few of Our Customers

17. For more information
Interested in learning more about Connectria's HIPAA Solutions?
  • Call us at: 1-800-781-7820 or 314-587-7000
  • Email us at: [email protected]
  • Visit us at: www.connectria.com