HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) provides standards on the lawful use and disclosure of protected health information (PHI), which includes names, addresses, phone numbers, Social Security numbers, medical records, financial information and more.


Any organization that collects, creates, or transmits this information electronically (a “covered entity”) must comply with HIPAA. So too must “business associates” that encounter this information, including billing companies, storage providers, email hosting services, attorneys, accountants and many more.


HIPAA regulation requires compliance with a number of standards:

  • Self-audits to assess administrative, technical, and physical gaps in compliance

  • Documented remediation plans to reverse compliance violations

  • Regularly updated policies, procedures and employee training

  • Documentation of ALL efforts to become HIPAA compliant

  • Business Associate Management including agreements before ANY information is shared

  • Incident Management to document any data breach

HIPAA violations are fined on a sliding scale of $100-$50,000 per violation, and a single record can count as a violation; this can amount to $1,500,000 in fines per year for repeated violations of an identical provision. However, if there was no "good faith effort" to comply, fines can become astronomical, and negligence could even lead to a criminal offense with a year of jail time.


CyGov has integrated HIPAA and mapped this standard back to other frameworks and standards. This helps save time, ensures accuracy and creates peace of mind when handling PHI.


© 2020 by CyGov Tech