The Health Insurance Portability and Accountability Act of 1996 was enacted by Congress and signed by President Bill Clinton in 1996. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans and employers.
HIPAA certification means the data center follows the standards set by the Health Insurance Portability and Accountability Act. Any company that handles protected health information must ensure that all aspects of its operations – from the physical network to the software that runs on it – are secure. When medical providers co-locate their infrastructure, the data center also must be in compliance with HIPAA regulations.
With its HIPAA certification, ColocationGuard must have certain administrative, physical and technical safeguards in place, according to the U.S. Department of Health and Human Services. Examples of safeguards include:
The review was handled by IS Partners, an independent auditing firm that has handled more than 800 SAS 70, SSAE 16 and SOC audits, internal control readiness assessments, trust service audits, HIPAA assessments, and information technology audits. The firm, which is based in Horsham, Pa., serves clients in all major service industries throughout the United States, Canada, United Kingdom, Central America, India, Pakistan and the Caribbean Islands. The firm’s SSAE 16 audit teams are composed of experts in the areas of accounting, information technology, internal controls, and business process auditing.
The ColocationGuard certification involved:
The Health Information Technology for Economic and Clinical Health (HITECH) Act, which took effect in February 2010, extends the Health Insurance Portability and Accountability Act’s (HIPAA) rules for security and privacy safeguards, including increased enforcement, penalties and audits. It was passed after surveys showed that many HIPAA compliance programs were deficient in the areas of privacy and security, including inadequate program testing and failure to update the programs.
Visit the Department of Health and Human Services’ informative website: http://www.hhs.gov/ocr/privacy/.