Many Covered Entities and Business Associates are unsure if their online data storage (i.e., web hosting or cloud hosting) must be HIPAA compliant. The Omnibus says “yes” very clearly:
For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis.
HealthCare Too offers these three simple questions to help Covered Entities and Business Associates determine if they need HIPAA Cloud Hosting:
1) Does the organization have a Business Associate Agreement with the hosting provider?
2) Has the hosting provider implemented appropriate safeguards to comply with HIPAA?
3) Can the organization retrieve all backups, audit logs, and other system administration material for the account from the hosting provider?
If the answer to all three questions is not “Yes”, HealthCare Too’s HIPAA Cloud Hosting provides the assurance of high-performance, medical-grade HIPAA Cloud Hosting in a HIPAA audited data center (auditor report available).
|Service Name:||HIPAA Compliance — Policies and Procedures|
|Service Category:||Compliance as a Service (CaaS)|
|NAICS Code(s):||541611 Administrative Management and General Management Consulting Services: This U.S. industry comprises establishments primarily engaged in providing operating advice and assistance to businesses and other organizations on administrative management issues, such as financial planning and budgeting, equity and asset management, records management, office planning, strategic and organizational planning, site selection, new business startup, and business process improvement.|
|Service Description:||Our professional services team will work with you to determine and then write appropriate HIPAA Compliance Policies and Procedures required by the Health Insurance Portability and Accountability Act (HIPAA) for your organization. Additionally, we can provide a Communications Plan to disseminate those Policies and Procedures as well as provide training to you and your associates.|
|Intended Customers:||All businesses and organizations (i.e., Covered Entities and Business Associates) that do not have policies and procedures in line with the latest HIPAA regulations (must be in compliance by Sept 23, 2013 with noted exceptions).|
|Customer Benefit:||Benefits include:
Additionally, as a certified women owned and run business enterprise (WBE), we can help with any supplier diversity program requirements you may have.
|Service Reports:||You will receive a full set of policies and procedures to address HIPAA requirements for use throughout your organization.|
|Service Review Frequency:||We will prepare with you a timetable and change management events for recurring risk assessments that will keep you apprised of changes required in HIPAA policies and procedures.|
|Compliance Programs:||HIPAA / HITECH|
|Pricing:||Available by quote or RFP.|
|How to Purchase:||Contact HCT at firstname.lastname@example.org or call us at 866-596-4325|
|Configuration Items and Specifications||N/A|
For a detailed analysis of the HIPAA Compliance expectations on Business Associates download our White Paper, “HIPAA and Business Associates: Tempest in a Teapot or Perfect Storm?”