Health Insurance Portability and Accountability Act (HIPAA) Compliance

What is HIPAA compliance?

The Health Insurance Portability and Accountability (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) acts, enforced by the U.S. Department of Health and Human Services, provide federal protections for personal health information held by Covered Entities and give patients an array of rights with respect to that information. They further specify a series of administrative, physical and technical safeguards for covered entities to use to assure the confidentiality, integrity and availability of electronic protected health information (ePHI).

Meeting the HIPAA demands of the Department of Health and Human Services

Organizations considered to be a Covered Entity include: health care providers, health plans, and health information clearinghouses that process health care information. A Covered Entity must be able to demonstrate HIPAA compliance. Further, third parties providing business services to Covered Entities must provide reasonable assurances that they will appropriately safeguard ePHI.

Expedient is your managed services data center provider for HIPAA compliance

In addition to a wide range of complementary managed data center services, Expedient can act as a HIPAA Business Associate and provide the following written assurances:

• Service Organization Control (SOC) 1 Report (aka SSAE-18)
• Service Organization Control (SOC) 2 (availability, confidentiality & security) + Health Information Trust (HITRUST) Report
  • The American Institute for Certified Public Accountants (AICPA) has partnered with the HITRUST Alliance to develop a single illustrative SOC 2 + HITRUST CSF report that incorporates all relevant criteria into a single control attestation. This framework supports the Health Insurance Portability and Accountability Act (HIPAA). Receipt of this report requires execution of a mutual non-disclosure agreement; the NDA and report are available from an Expedient account manager.
• HIPAA Policy Manual
• HIPAA Business Associate Agreement (BAA)

Having a BAA with Expedient will satisfy the Department of Health and Human Services Office of Civil Rights’ requirement for having a legal framework with us as a trusted third party partner. While hosting with Expedient doesn’t exclusively make an organization compliant with HIPAA, it does reduce the time and expense associated with many of the requirements.

More information about HIPAA is available from the U.S. Department of Health and Human Services.