HIPAA guidelines

HIPAA stands for the Health Insurance Portability and Accountability Act, enacted in 1996 to protect both the privacy and the security of patients' health information. The HIPAA standards include security guidelines covering administrative, technical and physical safeguards, all identified in order to secure electronic protected health information (ePHI). Data centers that host ePHI are required to fulfill these HIPAA security guidelines.

The security measures that data centers are required to have in place include:

  • A high-speed internet connection, along with the hardware needed to run the required software and communicate with other devices
  • A private, dedicated IP address range separated from the public internet, with secured database and web servers
  • Web access to PHI secured and encrypted with TLS (SSL) certificates and HTTPS, so as to prevent unauthorized access or connections
  • Advanced encryption standards used to encrypt the PHI stored on the dedicated servers
  • A secured firewall to protect the files against unauthorized access
  • A facility for individuals with adequate credentials to access the data remotely through a VPN
  • A documented and well-designed backup plan as a disaster recovery measure in case the PHI data is lost or the server malfunctions

Under the HIPAA guidelines, data centers are required to have appropriate security mechanisms in place, including dedicated firewalls and access protocols. The highest possible level of conformance is required, as non-conformance may attract bad publicity as well as penalties. Data breaches are also required to be publicly reported under the new HIPAA guidelines. The infrastructure holding ePHI should be properly protected, with appropriate controls in place for aspects such as physical access to the infrastructure or facilities and management of the data. Strict identification processes should be applied before access to the data center facilities is granted.

The data should be protected at all times, and advanced encryption technologies should be used whenever data is transmitted or shared. The information, along with its backups, should be accounted for at each stage. Keeping records in low-risk areas and maintaining a record of where the data resides can help in disaster recovery if required. The data centers should also be monitored constantly so that threats can be prevented. The network operations center should be staffed by experienced and trained experts who can identify and address suspicious activity before it results in a large-scale breach or attack. Information from environmental monitoring should be consistently generated and provided to the healthcare organizations. The data center should also be monitored for changes in electrical, mechanical and environmental conditions, with proper processes in place for identifying and dealing with issues.

The data center should also have staff who are fully versed in the processes required to support HIPAA compliance. Staff should periodically attend training on HIPAA security aspects and should be aware of HIPAA requirements so as to avoid breaches.
