Health Insurance Portability and Accountability Act Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the result of efforts by the federal government to ensure healthcare data practices allow patients to easily move jobs, insurance, and/or healthcare providers.
The goals and objectives of this legislation are to streamline industry inefficiencies, reduce paperwork, make it easier to detect and prosecute fraud and abuse while enabling workers of all professions to change jobs easily even if they (or family members) had pre-existing medical conditions.
HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, confidentiality, and availability of information. Healthcare organizations are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both in transit and in storage). As proposed, a HIPAA-compliant information system must include a combination of administrative procedures, physical safeguards, and technical measures to protect patient information while it is stored and transmitted across communications networks. Craig Computers provides critical data security protection without compromising patient privacy and can help customers achieve HIPAA compliance.
Craig Computers assists healthcare providers to be HIPAA compliant in the following manner:
- Unauthorized access to individually identifiable health records is strictly forbidden; data is encrypted and transmitted securely to a vault that resides at a world-class data center that provides SOC approved data protection service.
- Access to the vaults and the data center is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized use or disclosure of customer data.
- Data remains on the servers for as long as you wish to retain it.
Note: Many of the compliance items require usage of the optional private encryption key that is known only to the user and not stored on Craig Computers’ servers.