Frequently Asked HIPAA Questions
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. The purpose of HIPAA is to ensure the privacy and security of patient protected health information (PHI). The HIPAA regulation consists of three main rules: the HIPAA Privacy, Security, and Breach Notification Rules.
Each of these Rules has a specific purpose and requires organizations to implement policies and procedures to ensure adherence.
- HIPAA Privacy Rule: dictates the proper uses and disclosures of PHI
- HIPAA Security Rule: requires organizations to implement measures to ensure the confidentiality, integrity, and availability of PHI
- HIPAA Breach Notification Rule: requires organizations to report breaches that affect PHI
What is the HIPAA Security Rule?
The HIPAA Security Rule requires that we implement safeguards to keep protected health information (PHI) secure. To meet our security requirements, we implement administrative, technical, and physical safeguards. Some of these measures include encryption, user authentication, access controls, audit trails, data backup, and disaster recovery.
Do You Sign BAAs?
Yes, we are HIPAA compliant and will sign a Business Associate Agreement, which requires us to use specific safeguards to protect your data.
You can email your signed BAA to us at email@example.com. We will review it, and assuming everything looks good, we will sign it and replace the BAA on file for your account.
It is important to note that while we are HIPAA compliant, you remain responsible for your own HIPAA compliance program and for how you use our service. Learn more about Business Associate Agreements. If you need help with becoming HIPAA compliant, please contact Compliancy Group at HIPAA@compliancygroup.com.
Why Do I Need a BAA?
Without a signed Business Associate Agreement (BAA) our service cannot be used in compliance with HIPAA. This is because as a HIPAA Business Associate contracted by your organization, we have the potential to access protected health information (PHI). HIPAA requires us to have a signed BAA in place with you before you can use our service.
What is the HIPAA Seal of Compliance?
There is no official certification of HIPAA compliance, but we partnered with a third-party company to ensure we are doing everything right and, after completing their program, received their Seal as proof of our good faith effort. The Seal of Compliance verifies and validates our efforts to comply with HIPAA.
You can follow the "verify our compliance" link or click on the HIPAA Seal of Compliance in the footer of this website.
Do You Conduct a Security Risk Assessment?
Yes, as a Business Associate, we are required to conduct an annual security risk assessment (SRA) as part of our HIPAA compliance. SRAs identify deficiencies in security practices, allowing us to implement measures to improve our security and prevent breaches. Learn about Security Risk Assessments.