
What You Need to Know About Compliance with HIPAA & HITECH

The Health Insurance Portability and Accountability Act (HIPAA) is a federal statute that, among other things, controls what health care providers and other “covered entities” do with protected health information (PHI). Maintaining the integrity of ePHI is a key element of compliance with HITECH and HIPAA Security Rules. Not only is the scale of these regulations staggering, but any ePHI transmitted outside of an organization’s network, including what’s stored in the Cloud, must be compliant as well.

Is The Cloud Safe For Regulated Industries?

With the widespread adoption of cloud computing, HIPAA covered entities and their business associates are questioning whether the cloud is safe enough for their data. How can you take advantage of cloud computing while complying with regulations protecting the privacy and security of ePHI? The Department of Health and Human Services has responded with requirements.

The simple answer is yes, the cloud is safe enough. It’s often more reliable than storing data on local servers and computers. But you must have everything set up correctly and your employees trained.

However, with cloud computing evolving all the time, Health and Human Services doesn’t endorse any specific technologies, so a lot is left to interpretation. What helps so many business owners in this area is working with an experienced managed IT service provider who understands these regulations.

When you work with National Networks, you get a whole team of people who deal with complex regulations like HIPAA and HITECH every day. You don’t have to hire professionals to come in and ensure compliance.

Of course, you can deal with it yourself, but it is time-consuming and mistakes can be costly. Below are a few things to ask yourself if you’re thinking of how best to deal with HIPAA compliance.

  • Is this something you want to deal with?
  • Do you have the expertise?
  • What if you misinterpret the regulations?
  • Do you have the time?

What Do You Have To Do To Conform To HIPAA?

You need to:

  • Formulate your privacy practices
  • Notify patients of privacy practices
  • Obtain consent or authorization when required
  • Make sure that your arrangements with business partners meet HIPAA requirements
  • Make sure you distinguish your normal health care operations, where consent is not required, from disclosures, where consent or authorization is required
  • Make sure you follow the HIPAA “security rule,” which covers PHI in electronic form

How National Networks Can Help With HIPAA & HITECH

Training of staff on HIPAA rules and practices is by far the most crucial step. The second is making sure that PHI stored in electronic form (ePHI) is protected. That involves things like:

  • Using encryption when data is stored or transmitted
  • Protecting records with the latest technology such as swipe cards or biometric identifiers
  • Making sure that staff have only the access needed to do their jobs
  • Making sure that access to systems is, at a minimum, protected by strong passwords

National Networks can handle everything from training employees to making sure all data, whether at rest or in transit, complies with HIPAA regulations. We can also deal with third-party vendors to ensure their compliance.

Main Points to Remember:

  • HIPAA compliance is not optional.
  • Penalties for violating it can be very costly.
  • HIPAA applies to PHI in any form – paper or electronic.
  • Obtaining consent is generally a good idea; authorizations are required.
  • Depending on the services your business partners provide to you, they may be required to conform to HIPAA as well.
  • It is always better to err on the side of caution when dealing with HIPAA.

The HIPAA website can answer many of your questions. But if you’re working with National Networks as your managed IT services provider, we have the tools, people and other resources to help with compliance.

How We Can Help

We start by conducting a HIPAA risk analysis for you and your business associates. HIPAA requires that both you and your business associates perform an IT risk assessment. An evaluation of all system threats and vulnerabilities is an essential first step. It will reveal areas where your organization’s ePHI could be at risk. Next, we do a review of all security policies and procedures for HITECH/HIPAA compliance, then implement the proper security safeguards to protect ePHI.

Our job is to ensure you are compliant with HIPAA’s technical standards and we take that job very seriously.

We Can Also Help With Your HIPAA Business Associate Agreements (BAA)

A HIPAA BAA is a contract between you and your business associates. It’s mandatory and must be signed by all of your business associates verifying that they agree to protect ePHI and comply with all HIPAA Security Rules. This makes sure everyone is aware of the importance of safeguarding the personal information of patients. It also protects you legally in case of an event.

Preparing For Data Breaches

We educate your executives on how to deal with a cyber breach should one occur. There are numerous steps to follow after any cyber breach incident. And it’s essential to carry out each one promptly. This is vital info that your management staff should be aware of. You can avoid costly mistakes and get the breach under control more quickly when your senior staff is well-trained.

National Networks has a full suite of network programs and other resources that can help you with all compliance regulations for your business. We take the stress out of the equation so you can run your company.

Contact Us

If you’d like to learn more about how National Networks can prepare your business to meet HIPAA compliance, please contact us. We have the experience, resources, and tools to handle this complex but important issue. In Texas, call (409) 724-0440 or in Louisiana, call (337) 474-4249.


Published on 2nd January 2019 by Shawn Maggio