For fewer than 25 employees
For greater than 25 employees
Manage and track business associates
What are HIPAA Compliance Requirements?
You may have worked with companies that promise solutions, but fail to deliver. SecurityMetrics guides you through HIPAA security compliance and supports you every step of the way to ensure your organization is HIPAA certified. SecurityMetrics provides unmatched support and has been globally awarded for its ability to do so. When you partner with SecurityMetrics, you will love our detailed work and world-class support.
Here's what our customers are saying
SecurityMetrics spent a great deal of time with me so that I felt confident and comfortable. I feel they went above and beyond. THANK YOU SECURITYMETRICS!
I appreciate the expert help from SecurityMetrics as our office worked through understanding the HIPAA regulations. The staff was knowledgeable and very helpful. The validation process went off without a hitch!
SecurityMetrics gave me the support and help to quickly review my HIPAA compliance and create the strategies needed to remain in compliance. A great and easy experience.
The person that I spoke with was very thorough and explained any questions that I didn't understand.
SecurityMetrics helped me navigate through the maze of compliance issues. Excellent customer service!
SecurityMetrics has been a great help to my business and took a great deal off of my shoulders. The staff is terrific to work with. Thank you!
SecurityMetrics has taken the worry out of ensuring compliance. They worked hand in hand with my Information Technology Specialist providing an action plan after performing an in-depth risk analysis.
Top Reasons to Use SecurityMetrics for HIPAA Security Compliance
Award-Winning HIPAA Certification Support
Know you're meeting your HIPAA compliance requirements
Lasting HIPAA Compliance
HIPAA Compliance Automation
A partner you can trust
What Does HIPAA Stand For?
HIPAA stands for Health Insurance Portability and Accountability Act. It was formed in 1996 and, among other things, protects patient health information.
Who must be HIPAA compliant?
To obtain HIPAA certification, all organizations must abide by the HIPAA Rules. The HIPAA Rules apply to two groups: covered entities and business associates. A covered entity is a health plan, health care clearinghouse or health care provider who electronically transmit any health information. Examples of covered entities are:
- Health insurance companies
- Company health plans
A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Examples of business associates (whose services involve access to PHI) are:
- IT providers
- Billing and coding services
For more detailed information on the definition of a covered entity and businesses associate visit The Department of Health and Human Services (HHS) website.
HIPAA Privacy Rule
The HIPAA Privacy Rule provides federal protections for personal health information and gives patients rights to their own protected health information (PHI). The Privacy Rule permits the disclosure of PHI needed for patient care and other important purposes. The Privacy Rule applies to all healthcare providers, including those who do not use an Electronic Health Record (EHR) system, and includes all mediums: electronic, paper, and oral.
Privacy Rule Basics:
- Spells out administrative responsibilities
- Discusses written agreements between covered entities and business associates
- Discusses the need for privacy policies and procedures
- Describes employer responsibilities to train workforce members and implement requirements regarding their use and disclosure of PHI.
Privacy Rule Examples
- Train all employees on its privacy policies and procedures
- Properly dispose of documents containing protected health information
- Secure medical records with lock and key or pass code
- Create procedure for individuals to know to whom they can submit a complaint about a covered entity's compliance with the Privacy Rule
HIPAA Security Rule
The HIPAA Security Rule requires covered entities, business associates, and their subcontractors to become HIPAA certified by implementing safeguards to protect electronic protected health information (ePHI) that is created, received, or maintained. It specifies a series of administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI. Most violations of the HIPAA Security Rule result from businesses not following policies and procedures to safeguard ePHI, thus preventing them from becoming HIPAA certified.
Security Rule Basics:
- Establish a national set of security standards for ePHI
- Protects health information held or transmitted in electronic form
- Requires administrative, physical, and technical safeguards to secure ePHI
- Supports the Privacy Rule requirement to reasonably safeguard PHI in all forms
Security Rule Examples:
- Designate a security officer who is responsible for compliance
- Create policies and procedures that explain proper use of workstations and electronic media
- Ensure all employees have unique passwords
- Limit physical access to covered entity's facilities