20171020_HIPAA-Compliant-Software_header

An Introduction to HIPAA Compliant Software

/ in software , cybersecurity , FDA , HIPAA , IT , news / by Christina S

In today’s fast-paced business world, cloud-based services are taking over. These services are identified with terms like “platform as a service” (PaaS), “software as a service” (SaaS), and even “infrastructure as a service” (IaaS). Each of these refers to a service based in data centers that you access through the internet—as opposed to local servers in your work environment. It is only natural that the healthcare industry would aim to take advantage of this, cutting down on IT costs and increasing accessibility to protected health information (PHI).

As an IT person jumping down the HIPAA rabbit hole, I learned that compliance is not as easy as ticking a checkbox or purchasing a software license. Here are some things to consider about the purchase and use of cloud-based services with HIPAA compliance:

1. Compliance is not built-in, it’s configured.

To appeal to the healthcare industry, cloud-based services started making products that can be HIPAA compliant. Note that I said, “can be” and not “are.”

This is an important distinction when shopping for services like email and storage. Very few, if any, cloud services will be meet HIPAA standards right out of the box. As an IT admin, you will need to configure the service settings yourself and maintain those settings to stay compliant. Here is a great resource with tips on meeting HIPAA standards, although it is not a definitive guide: https://www.hipaajournal.com/hipaa-compliance-checklist/

 

2. You need a Business Associate Agreement.

Since these cloud services will be hosting or transmitting PHI, you need a Business Associate Agreement, or BAA, with that service. This agreement means that you share the responsibility of meeting HIPAA standards. If the service mishandles PHI data, you are not on the hook for it. Without this agreement, your company puts PHI at risk and could be heavily fined.

3. There is no such thing as certifying HIPAA compliance.

The U.S. Department of Health and Human Services does not recognize any HIPAA certification as a mark of compliance. However, it’s certainly beneficial that your employees are trained in HIPAA knowledge and practices. There are even companies like ComplySmart that will provide a HIPAA assessment to guide you in the right direction. Keep in mind that no certification nor assessment is enough to guarantee your compliance with HIPAA.

4. Compliance is not “set it and forget it.”

You’ve gone through your checklist, you got your BAA signed, and your employees are educated on HIPAA standards and best practices. You’re all done, right? For now, yes. But you need to always keep an eye out for new cybersecurity threats, so you can protect your servers and workstations, and make sure employees are trained on best practices for safe usage of these services. There is no patch for human error, but you can provide training and audits to ensure your PHI is being handled correctly.

---

Whether you’re searching for a new cloud service or you have one already, keep these tips in mind to ensure your information is safe. The cloud is an incredibly useful tool for the healthcare industry; you just have to do your due diligence to protect the rights and privacy of your patients and their information.

This post was edited by Lindsey Stefan.
Share this entry
You might also like
COVID-19 Vaccine: Demystifying Operation Warp Speed
COVID-19 Vaccine: Demystifying Operation Warp Speed
Our Chicago office is Open!
Our Chicago office is Open!
Happy 4th of July 2019
Happy 4th of July 2019
DS Celebrates 1 Year Anniversary at 123 S Broad
DS Celebrates 1 Year Anniversary at 123 S Broad
Healthcare Providers: We want your input!
Healthcare Providers: We want your input!
What is a Caregiver?
What is a Caregiver?
HFES Health Care Symposium 2019: A Recap
HFES Health Care Symposium 2019: A Recap
Juvenile Arthritis Patients Can Make a Difference
Juvenile Arthritis Patients Can Make a Difference

Subscribe to our monthly newsletter

TAGS

See all

ARCHIVES

See all

Philadelphia

123 S. Broad Street, Suite 1350
Philadelphia, PA 19109
T 215.627.4122
F 215.627.4335

Chicago

909 Davis Street, Suite 470
Evanston, IL 60201
T 312.584.0240
F 215.627.4335

Germany

Blütenstraße 15
80799 München
Germany
T +49.(0)178.876.7277

Get in touch

We conduct rigorous research to optimize the usability, safety, and customer appeal of products. Contact us to discuss a project today.

Privacy Policy

© 2019 Design Science Consulting, Inc.