What is HIPAA and does it apply to my organization?
The Health Insurance Portability and Accountability Act (HIPAA) is a broad law that applies to any entity working in the healthcare space. A covered entity is a health care provider, a health plan, or a health care clearinghouse that, in its normal activities, creates, maintains or transmits PHI (Protected Health Information). A "business associate" is a business that provides a service to, or performs a certain function or activity for, a covered entity, when that service, function, or activity involves the business associate having access to PHI maintained by the covered entity. Examples of business associates include lawyers, accountants, IT contractors, billing companies, cloud storage services, email encryption services, etc.
The requirements of HIPAA are intentionally vague so they can be applied equally to every different type of Covered Entity or Business Associate that comes in contact with PHI. Despite these vague requirements, every Covered Entity and Business Associate that has access to PHI must ensure that the technical, physical, and administrative safeguards are in place and adhered to, that it complies with the HIPAA Privacy Rule in order to protect the integrity of PHI, and that it follows the procedure in the HIPAA Breach Notification Rule should a breach of PHI occur.
What are the requirements of HIPAA?
What is the penalty for a HIPAA violation?
HIPAA violations cost your organization. The federal fines for noncompliance are based on the level of perceived negligence found within your organization at the time of the HIPAA violation. These fines and consequences can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation category. In addition, once you have had a HIPAA breach, the name of your organization is permanently listed on the Office for Civil Rights Breach Portal along with the offense, the date, and the number of individuals affected.
CyberCare – TRA’s Cybersecurity as a Service Offering
Most businesses fail HIPAA audits, but your organization will not fail with TRA CyberCare. TRA combines internal expertise and strategic partnerships with several leading security providers to deliver a comprehensive approach to HIPAA compliance. TRA CyberCare bundles HIPAA framework software, compliance coaching, and the required technical services to assist your organization in achieving HIPAA compliance. Our HIPAA compliance solution covers the full extent of the HIPAA regulation including the six required self-audits, gap identification, remediation plans, written policies and procedures, employee training, business associate agreements, and breach notification. Enroll in TRA CyberCare today to ensure your organization receives a HIPAA Seal of Compliance verification.