Who Needs to Be HIPAA Compliant?
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, established national standards for organizations working in healthcare. Since then, there has been persistent misunderstanding about who needs to be HIPAA compliant.
So do you need to be HIPAA compliant? The simple answer is that if you create, receive, store or transmit protected health information (PHI) in any capacity, you need to be HIPAA compliant. The misconception that only covered entities (CEs) need to comply has led to many organizations being audited and fined. Business associates (BAs), the vendors and service providers that handle PHI on behalf of a CE, must be aware that they are directly required to be HIPAA compliant, not merely to sign a contract saying so.
A large portion of HIPAA law concerns how PHI is handled. As such, the Department of Health and Human Services (HHS) requires a business associate agreement (BAA) between a CE and each BA, and between a BA and any subcontractor that handles its PHI. A BAA must be executed before any PHI is disclosed to the business associate. Its purpose is not only to safeguard PHI by defining the permitted uses and required safeguards, but also to set out each party's breach-reporting obligations so that both CEs and BAs are protected in the event of a breach. If there is no BAA in place, both parties are liable.
The importance of protecting PHI is at the forefront of lawmakers' minds, with states introducing their own laws to further protect personal information. The California Consumer Privacy Act (CCPA) and the Oregon Consumer Information Protection Act (OCIPA) impose their own, often stricter, requirements for notifying affected individuals after a breach. The EU General Data Protection Regulation (GDPR), in force since May 2018, protects not just health information but any personal data that can directly or indirectly identify an individual.
Do you need to be HIPAA Compliant?
The Guard™
At Compliancy Group, our goal is to simplify compliance so that you can confidently grow your business. Our proprietary software covers all aspects of HIPAA law. Our cloud-based solution, the Guard, gathers everything you need to demonstrate your "good faith effort" toward HIPAA compliance, so that in the event of an audit you have the peace of mind of knowing that we have you covered.
Once you have activated your HIPAA program in the software, you are eligible to receive our Trust Badge, which you can display on your website.