Connectria Hosting- HIPAA Compliant Hosting Services

Connectria provides HIPAA Compliant Hosting for customers in the healthcare and dental industry or anyone who must comply with the HIPAA and HITECH Act security standards surrounding the storage of Protected Health Information (PHI). Our services include:
- HIPAA Cloud Hosting
- HIPAA Managed Hosting (Dedicated Server Hosting)
- HIPAA Hybrid Hosting (a combination of Cloud Hosting and Dedicated Server Hosting)

100% HIPAA Compliant & Business Associates Agreement (BAA) Friendly:

Our world-class data centers and hosting services successfully undergo independent 3rd party HIPAA assessments to demonstrate our 100% HIPAA compliance, allowing our many healthcare and dental customers to satisfy their HIPAA security obligations. Connectria also provides hosting for many SaaS providers requiring HIPAA compliance, as well as organizations looking for HIPAA Compliant Cloud Storage. We are also Business Associates Agreement (BAA) friendly, and routinely enter into Business Associates Agreements with our customers.

  • Thank you for joining Connectria’s on-demand presentation, “Supporting HIPAA Compliance Through Managed Hosting.”
  • Throughout this presentation, we will provide an overview of Connectria Hosting, including our hosting experience across a wide range of technologies. We’ll also touch upon the strength of word of mouth marketing and how it relates to our Referral Partner Program. Finally, we’ll review our Referral Partner Program along with its benefits and show you how to sign up for the program.
  • HIPAA is an acronym for the Health Insurance Portability and Accountability Act. Though passed by Congress in 1996, HIPAA was not fully implemented until 2003. Simply put, the intent of HIPAA is to improve the efficiency and effectiveness of the American health care system. Its focus is reforming group and individual insurance so that those who change or lose jobs will retain coverage; it attempts to reduce waste, fraud, and abuse, with penalties and sanctions for those in violation; HIPAA also aims to simplify health care administration by mandating uniform standards surrounding electronic data transactions as well as protecting and securing private health care information.
  • The overall HIPAA legislation consists of five titles. Title I, "Health care access, portability and renewability," requires employers and health plans to allow a new employee's medical insurance coverage to remain continuous without regard to pre-existing conditions. Title II, "Preventing health care fraud and abuse; administrative simplification; medical liability reform," defines new requirements for privacy and security of individually identifiable patient information. Title III, "Tax-related health provisions," standardizes the amount you can save per person in a pre-tax medical savings account. Title IV, "Application and enforcement of group health plan requirements," broadens information on insurance reform provisions and provides detailed explanations. Title V, "Revenue offsets," contains regulations on how employers can deduct company-owned life insurance premiums for income tax purposes. Our focus on HIPAA compliance, and on managed hosting that supports it, relates specifically to Title II.
  • The Administrative Simplification section within Title II requires improved efficiency in healthcare delivery through the standardization of electronic data interchange (EDI), and the protection of the confidentiality and security of health data by setting and enforcing standards. On February 17, 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) was signed into law as part of the American Recovery and Reinvestment Act (ARRA), significantly extending certain HIPAA security and privacy requirements as well as setting the stage for increased enforcement.
  • HIPAA security for protecting health data is divided into three categories: administrative safeguards, physical safeguards and technical safeguards. The administrative safeguards contain 9 standards governing the conduct of personnel in relation to the protection of data. The four categories within the physical safeguards are intended to ensure that the necessary physical measures, policies and procedures are in place to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards as well as unauthorized access. Finally, the technical safeguards are designed to prevent unauthorized access to data that is transmitted over a communications network.
  • The HIPAA Privacy Rule pertains to three categories of "covered entities": health care providers, health plans, and health care clearinghouses. Health care providers are covered if they transmit health information electronically. Even a doctor in a small practice who keeps only paper records will almost certainly use a billing service that transmits information electronically. In short, it is nearly impossible to provide health care today without using electronic means in some way. As long as information is transmitted electronically, "health care provider" includes your doctors, hospitals, staff involved in your treatment, laboratories, pharmacists, dentists, and many others that provide medical, dental, and mental health care or treatment. In short, a provider is almost anyone in the business of providing health care who is licensed or regulated by the states. Health plan means almost anyone that pays for the cost of medical care. This includes health insurance companies, HMOs (health maintenance organizations), group health plans sponsored by your employer, Medicare and Medicaid, and virtually any other company or arrangement that pays for your health care. Health care clearinghouses can be any number of organizations that work as a go-between for health care providers and health plans. An example of this would be a billing service that takes information from a doctor and puts it into a standard coded format. Patients rarely deal directly with clearinghouses. An organization may also be what is called a hybrid entity. A hybrid entity provides health care as only part of its business. A large corporation that has a self-insured health plan for its employees is one example of a hybrid entity. Only the portion of the company that processes claims and makes payments to health care providers is subject to the HIPAA Privacy Rule.
  • Now that you have a better idea of HIPAA laws and their applicability, how does one become compliant? First, become familiar with the body of HIPAA laws, including but not limited to privacy and security. This presentation only provides a cursory introduction to HIPAA compliance. You may wish to seek the advice and counsel of a third-party source; there are many consulting companies that provide these services. Given that our focus is on the privacy and security of individually identifiable information in electronic form, you should be aware that the security rule is a set of standards and implementation specifications. It should also be known that there is some flexibility built into the law as it pertains to compliance. Each standard must be met; however, the law takes into account that organizations differ, so it requires compliance that is reasonable and appropriate for your given organization. Implementation specifications may be required or addressable. Note that addressable does not mean optional. If your organization deems a certain specification not reasonable or appropriate, you must clearly document a defensible position.
  • The cost of non-compliance with HIPAA laws is real. Violation complaints have steadily risen. For those in violation of privacy and security laws, civil and criminal penalties may result. The introduction of the HITECH Act has strengthened HIPAA enforcement, with fines now ranging up to $250,000 and incarceration up to 10 years for those who knowingly misuse individually identifiable health information.
  • So what do you do when you want to be HIPAA compliant? Simply outsource compliance to a managed hosting provider? Not quite. There are many misconceptions surrounding Managed Hosting and HIPAA compliance. Perhaps the biggest misconception is that you can become HIPAA compliant solely through outsourcing a HIPAA Compliant Managed Hosting Solution. Despite the claims of many other vendors, you cannot achieve compliance through a managed hosting service alone. As referenced earlier in this presentation, there is much more to HIPAA compliance than securing electronic data; this is just one piece of the puzzle. Managed Hosting Companies are not covered entities, and cannot achieve compliance in and of themselves. Managed hosting companies can, however, significantly support efforts to achieve HIPAA compliance. They do so because the very nature of their business requires adherence to security standards through best practices. Additionally, many hosting companies provide HIPAA-specific measures and solutions to better assist in protecting electronic data.
  • Connectria’s HIPAA solutions may support any covered entity’s requirement for compliance. Our HIPAA solutions support a wide range of mission critical systems including EMR, patient management, billing, ecommerce, email, backup and disaster recovery and more. We also support HIPAA compliance for healthcare related software companies seeking a hosted solution, including Software as a Service platforms. Connectria provides packaged and customized HIPAA solutions to ensure each customer has the right solution for their organization, all at a predictable, fixed monthly price.
  • No one expects healthcare organizations to be experts in securing electronic data. For instance, not many healthcare organizations can provide their own off-site encrypted backups; that’s where Connectria comes in. Connectria’s HIPAA solutions address most elements of the security rule, allowing covered entities to focus on their business and do what they do best, whether delivering, administering or supporting healthcare.
  • Thank you for listening to our presentation, “Supporting HIPAA Compliance Through Managed Hosting.” We hope you found it worthwhile. If you are interested in learning more about Connectria, our managed hosting and HIPAA solutions, please call us at 1-800-781-7820 or 314-587-7000. Alternatively, email us at info@connectria.com or visit us at www.connectria.com. We hope to hear from you soon.

    1. Supporting HIPAA Compliance Through Managed Hosting
    2. Agenda
       • HIPAA Defined
       • HIPAA Compliance and Non-Compliance
       • Managed Hosting and HIPAA Compliance
       • Connectria’s HIPAA Solutions
    3. Disclaimer: As you will see throughout this presentation, it is the customer’s sole responsibility to assure that it takes appropriate steps to achieve compliance with its HIPAA obligations. Connectria makes no representations or warranties of any kind that customers will be HIPAA compliant by solely utilizing Connectria’s services.
    4. What is HIPAA?
       • Health Insurance Portability & Accountability Act
       • Designed to improve the efficiency and effectiveness of the American health care system:
         1. Group and individual insurance reform
         2. Accountability
         3. Administrative Simplification
    5. The Broad HIPAA Legislation
       • HIPAA legislation consists of five titles:
         Title I: Health care access, portability and renewability
         Title II: Preventing health care fraud and abuse; administrative simplification; medical liability reform
         Title III: Tax-related health provisions
         Title IV: Application and enforcement of group health plan requirements
         Title V: Revenue offsets
    6. More on Title II
       • Administrative Simplification requires:
         • Improved efficiencies through standardized EDI (electronic data interchange)
         • Privacy and security of health data through standards enforcement
       • In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) extended HIPAA privacy and security requirements as well as increased enforcement
    7. Electronic Information and HIPAA
       • HIPAA applies to all forms of information; however, electronic data raises a distinct set of guidelines, particularly for security
       • Protected Health Information (PHI or EPHI) is individually identifiable health information (e.g. name, phone #, email, SS#, etc.) that is transmitted by, or maintained in, electronic media or any form or medium
    8. HIPAA Security Safeguards (Source: Gartner)
       • Administrative: Security Management Process; Assigned Security Responsibility; Workforce Security; Information Access Management; Security Awareness and Training; Security Incident Procedures; Contingency Plan; Evaluation; Business Associate Contracts and Other Arrangements
       • Physical: Facility Access Controls; Workstation Use; Workstation Security; Device and Media Controls
       • Technical: Access Control; Audit Controls; Integrity; Person or Entity Authentication; Transmission Security
    9. HIPAA Applies to “Covered Entities”. A Covered Entity is one of the following:
       • A Health Care Provider: Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, Pharmacies, but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard
       • A Health Plan: Health insurance companies, HMOs, Company health plans, Government programs that pay for healthcare, such as Medicare, Medicaid, and military and veterans health care programs
       • A Health Care Clearinghouse: Entities that process non-standard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa
       Source: US Dept of Health and Human Services, HHS.gov
    10. Achieving Compliance
       • Understand the laws and compliance
       • Seek outside counsel if necessary
       • The security rule is expressed as a set of standards and implementation specifications, with some flexibility built into the law
       • Standards are required and must be met; however, they can be met in any fashion that is reasonable and appropriate for a given organization
       • Implementation specifications are required or addressable (but not optional); organizations must document any addressable specification deemed not reasonable or appropriate
       Source: Gartner
    11. Potential Cost of Non-Compliance
       • Civil and criminal penalties for privacy and security violations
       • HITECH Act strengthened enforcement
       • Fines up to $25,000 for multiple violations of the same standard in a calendar year
       • Fines up to $250,000 and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information
    12. Breaches and Penalties are Real
    13. The HIPAA Solution Misconception
       • There is no such thing as a HIPAA Compliant Managed Hosting Solution:
         1. HIPAA Compliance extends well beyond securing electronic data (Titles I-V)
         2. Managed Hosting Companies are not “Covered Entities”
         3. Managed Hosting Companies can support but not guarantee compliance
    14. Connectria’s HIPAA Solutions
       • Connectria has a HIPAA solution for any type of covered entity
       • Supports a wide range of mission critical systems including: Electronic Medical Records (EMR) systems; Patient management systems; Billing systems; e-Commerce websites; Extranets/Intranets; Email environments; Disaster recovery environments; e-learning systems
       • Solutions for healthcare related software companies (e.g. SaaS)
       • Packaged and customized HIPAA Solutions
    15. Connectria’s HIPAA Solutions, mapped against the Administrative, Physical and Technical safeguards listed on slide 8
    16. A Few of Our Customers…
    17. For more information: Interested in learning more about Connectria’s HIPAA Solutions? Call us at 1-800-781-7820 or 314-587-7000. Email us at info@connectria.com. Visit us at www.connectria.com
