Despite the Health Insurance Portability and Accountability Act (HIPAA) first being enacted over 20 years ago, some organizations are still found to be violating HIPAA Rules. Common causes for violations are related to security procedures. Below, we will outline some essential areas that HIPAA covered entities and their business associates should review to avoid sanctions…
Are Amazon Web Services (AWS) HIPAA Compliant? AWS includes the necessary features to be used in compliance with HIPAA’s Security Rule and Amazon will enter into Business Associate Agreements (BAA) with covered entities. Does this mean AWS is HIPAA compliant? As we often state, even when tools include all the required settings they must be…
HIPAA record retention requirements is understood to relate to two separate but similar retention requirements: those for HIPAA medical record retention and those for HIPAA record retention. This similarity has led to some uncertainty. Below we will try to explain which records are required to be kept for HIPAA compliance and what records covered entities…
Must Emails be Archived to Comply with HIPAA? HIPAA’s Security Rule does not stipulate that email archives must be HIPAA compliant. However, covered entities should consider archiving their email correspondence in a HIPAA compliant manner. The Security Rule does stipulate that electronic communications that include PHI must be kept for at least six years. These…
In specific circumstances, HIPAA covered entities are allowed to share sets of identifiable healthcare information, known as limited data sets, with authorized institutions and remain in compliance with the HIPAA Privacy Rule. In such cases, data can be shared for research, public health information, and healthcare operations without obtaining permission from patients. Limited data sets…
HIPAA compliance and Saas (Software as a Service) is another area that is causing confusion for many in the healthcare space. This is somewhat understandable as HIPAA was originally introduced in 1996, when the idea of SaaS and cloud storage platforms was far from the common consciousness. More recent Acts and Rules, such as 2009’s…
