Summer is winding down and open enrollment is right around the corner. Speaking of personal health information – is it time for you and your business to think about HIPAA compliance?
Many business owners and decision-makers believe that HIPAA belongs to the world of doctor’s offices and insurance companies, but it’s a little more complicated. HIPAA applies to covered entities and their business associates. Covered entities include health plans and certain healthcare providers, the groups that immediately come to mind when you think of healthcare. Business associates are a much broader group, and can encompass entities like third party claims processing administrators, and accounting or legal firms serving healthcare providers.
Do HIPAA regulations apply to your business? There are ways in which you may find yourself working with protected information.
Some common means through which companies come into contact with HIPAA protected data include:
- Health information in Worker’s Compensation claims
- Data collected as part of employee wellness programs, like employee physicals
- Information collected via an employee’s Flexible Spending Account (FSA)
- Self-insured health plans
Some companies are choosing to follow HIPAA regulations even if they are not covered entities or business associates. Why would they do that? Well, if you collect any health information, your employees and staff may expect you to follow HIPAA compliant practices, even if you are not technically required to. For example, the popular wearable technology company Fitbit gains a competitive edge through following HIPAA compliant practices even if it is not a covered entity. Today, most employers possess some kind of employee health information and consumers and employees expect assurances that their information is being handled properly. Therefore, for some companies, it simply makes good business sense to follow HIPAA guidelines.
What kind of health information are you collecting and how can you keep it secure? For many businesses, HIPAA compliance begins, and often fails, with IT. That’s because cybersecurity is a major component to keeping your business HIPAA compliant. From proper storage to secure messaging, you want to make sure you are taking the necessary steps to remain HIPAA compliant. From an IT standpoint, some options you want to explore include:
- Security Risk Assessment
- Disaster Recovery Planning
- Secure Messaging
- Cloud Storage
Having the right IT provider is one of the best ways to protect your business and ensure you remain up-to-date with any technology-related compliance requirements. Even if you do not have current compliance concerns, it may be time to assess your cybersecurity practices.
Compliance and IT can be convoluted and overwhelming to navigate. That’s why Cooperative Systems is here to help. We are IT experts who remain up-to-date on the latest compliance regulations. If you think HIPAA might be a concern for your business, or even if you simply want to explore your IT options, we encourage you to reach out to us. Our team of IT experts can help you identify compliance holes in your current IT infrastructure.
Strong IT practices are crucial for the overall health of your business.
Contact Cooperative Systems today!
"*" indicates required fields