Dave McCrystal

Rules & Regulations – Outsourcing HIPAA compliance among health care organizations

February 11, 2017
By Dave McCrystal

Security and flexibility within compliance in the health care field are important considerations for industry leaders. Health care providers, while focusing on providing the best patient care, must simultaneously ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), which translates to compliance with specific security, privacy and breach notification rules for the storage of protected health information (PHI). By choosing to outsource HIPAA cloud compliance, customers and providers are able to share a commitment to hosting an application that complies with HIPAA and HITECH rules, easing the burden in the process.

The outsourcing approach also allows health care organizations to reduce costs and increase productivity by enabling unified communications and disaster recovery tactics. With these measures in place, health care providers can focus more of their attention on patient care rather than compliance. HIPAA, established in 1996, is designed to promote the confidentiality and portability of patient records, as well as consistent security in the health care industry. The main HIPAA considerations are privacy and security. The security rule contains the administrative, physical and technical safeguards that must be put in place to protect the confidentiality of electronic PHI (ePHI). The privacy rule, in turn, allows covered providers and health plans to disclose protected health information to business associates (BAs), or to entities that create, receive, maintain or transmit ePHI on behalf of another business associate. Disclosure is only allowed if there is a guarantee that PHI will be safeguarded from misuse.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, established in 2003, expanded many of the requirements contained in HIPAA. The most notable provisions of this act were centered on notification requirements for ePHI breaches and penalties for non-reporting. In 2013, the Omnibus Rule made significant changes to the HIPAA privacy, security, breach notification and enforcement rules. The Omnibus Rule also expanded the definition of a BA to include entities that create, receive, maintain or transmit PHI on behalf of another entity. Following this new ruling, once electronic data is received by a covered entity, it becomes protected by HIPAA.

Health care organizations, the covered entities, are ultimately responsible for the security of their ePHI. However, cloud providers can help to streamline this process by helping to move all communications and computing systems to the cloud. This partnership allows health care entities to focus on their primary responsibility: providing the highest standards of patient care. In order for cloud providers to maintain HIPAA compliance, it is necessary for them to deliver solutions that evolve with and support the ever-changing regulatory requirements.

Cloud providers can help customers to ensure that the services they provide meet all technical safeguards and standards set forth by the HIPAA, HITECH and Omnibus acts. Outsourced cloud compliance should provide customers with a dedicated virtual switch that moves traffic through a dedicated firewall and restricts inbound and outbound communications. Limiting access to customer firewalls, routers, switches and other infrastructure equipment can also ensure that patient ePHI data is secure.

Physical access to data centers should be restricted to approved personnel, and the IT team should be monitored and assessed for vulnerabilities at all times. By partnering with an external cloud compliance organization, data backup, disaster recovery and incident management can be consistently monitored, separating this responsibility from the health care system. Intrusion prevention and detection services offered by these cloud compliance agencies are further features that give health care organizations the assurance they need to keep functioning fully regardless of the circumstances.

Cloud call centers are a prominent form of outsourced compliant cloud architecture that enables business continuity while also unifying multiple locations and remote agents on an integrated platform. The cloud call center, while complying with HIPAA, gives contact center managers greater agent control in partnership with business analytics that drive operational insight. Because these features are delivered as a cloud service, organizations are able to upgrade to advanced features without CAPEX investment.

Cloud-based call centers provide control and benefits to health care organizations that cannot easily be achieved with on-site systems and equipment, which are often cumbersome. Managers are given access to new features while avoiding unexpected fees, allowing the customer relationship to remain strong. The cloud call center, in maintaining cloud compliance, maximizes the intrinsic value of the cloud, even for more complex operations such as multi-location call centers. Health care leaders must consider the benefits of cloud compliance partnerships to ensure that they have the right security regulations in place. With these systems in place, health care organizations can truly support their medical practices and put patients first.

About the author: Dave McCrystal is the vertical marketing manager, health care, at Evolve IP.