Integrity is important to the healthcare industry — as it should be. Keeping data secure and patients safe is, in part, why we need HIPAA/HITECH certification.
HIPAA sets a national standard for the protection of consumers’ Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) by mandating risk management best practices as well as physical, technical and administrative safeguards.
The “Administrative Simplification rules” apply to health plans, health care clearinghouses and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA was established to provide greater transparency for individuals whose information may be at risk, and the OCR enforces compliance with the HIPAA Security, Privacy and Breach Notification Rules.
What Does the HIPAA/HITECH Certification Verify?
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), AISN is defined as a covered entity or a business associate. As such, we are required to implement policies necessary to secure electronic protected health information (ePHI) in accordance with the HIPAA Security Rule. Additionally, the HITECH Act includes requirements for organizations that store ePHI to implement procedures to report the breach of unprotected ePHI. Our certification is an attestation to our compliance with the HIPAA Security Rule. Further, our incident response and breach reporting procedures are evaluated against the HITECH requirements.
May I See Your HIPAA/HITECH Certification Report?
Use of the HIPAA/HITECH certification report is restricted, but current AISN customers can request a copy of the report using an appropriate non-disclosure agreement.
What HIPAA/HITECH Safeguards Are Examined?
Our independent auditor has performed an assessment to determine our organization’s compliance with the HIPAA Security Rule, including the safeguards below, and has evaluated our incident response and breach reporting procedures against the HITECH requirements:
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Organizational Requirements, and Policies and Procedures and Documentation Requirements