With increasing data breaches happening every year at major companies like Kohl's, Abercrombie and Fitch, Cigna and Anthem, it is more important than ever to know if your company is HIPAA compliant or not. Federal law requires companies dealing with private health information, or any business that hosts this information on their servers, to be HIPAA compliant.
Even if your company does not need to comply with HIPAA regulations, it is a good idea to protect other sensitive information like credit card numbers and customer employment information as strictly as private health information. Anthem's data breach in March exposed the records of more than 80 million people, many of whom were not even Anthem customers. Michael Hiltzik of the L.A. Times explains that Anthem handled records for some independent insurance companies, and the private information of those customers was also released in the breach. Though credit card information was not exposed in this breach, social security numbers and home addresses were.
HIPAA guidelines can be helpful to prevent attacks on sensitive information. In a previous post, we outlined the three safeguards - administrative, physical and technical - that HIPAA requires companies to have in order to protect data. Many companies choose to host sensitive information with another company, called a Business Associate, who is also HIPAA compliant.
Companies that may not need to be HIPAA compliant but are looking to host information elsewhere should consider selecting a company that complies with HIPAA standards. Marlene Maheu at the Telemental Health Institute wrote an article detailing which cloud-storage services are HIPAA compliant.
If you are wondering whether your business has met these standards, you can evaluate your risk with HealthIT.gov's security risk assessment tool.
For more information on Giva's HIPAA compliance status, please see our website detailing 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.