HIPAA, the Health Insurance Portability and Accountability Act, was passed into law in August 1996 with the intention of enabling better access to health insurance, reducing health care fraud and abuse, and lowering the overall cost of health care in the U.S. It applies to all business entities that store patient data electronically. Those who must comply are:
Health Plans
Health Care Clearing Houses
Health Care Providers such as doctors, dentists, chiropractors, etc.
Two critical rules were implemented to define Privacy and Security.
HIPAA Privacy Rule: Mandatory compliance - April 14, 2003
The HIPAA Privacy Rule sets standards for how protected health information "in any form or medium" should be controlled and specifically requires that privacy and security be built into the policies and practices of health care providers, plans, and others involved in health care.
HIPAA Security Rule: Mandatory compliance - April 21, 2005
The HIPAA Security Rule is the first comprehensive Federal protection for the privacy of personal health information and identifies standards and implementation specifications that organizations must meet in order to become compliant.
The general requirements of the HIPAA Security Rule establish that covered entities must do the following:
Ensure the confidentiality, integrity and availability of all electronic protected health information (ePHI) the covered entity creates, receives, maintains or transmits.
Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required.
Ensure compliance by the workforce.
How does Skadoit! help business entities become HIPAA compliant?
Skadoit! helps required entities comply with both the HIPAA Privacy and HIPAA Security Rules by:
Encrypting data during backup: All data being backed up is encrypted with 256-bit encryption prior to transfer and sent through a secure 128-bit SSL tunnel to our Skadoit! datacenters.
Maintaining Encryption of data on Skadoit! servers: All backed up data maintains the 256-bit encryption while stored "at rest" in the Skadoit! datacenter.
Physical security: Skadoit! servers are located in a Tier 4 datacenter protected by 24 x 7 x 365 on-site staffed security and technicians, electronic card key access, biometric access, and security cameras inside and outside the building. Within the datacenter, Skadoit! servers are protected within cages under lock and key.
Private and public encryption keys: Users have a choice of using a Skadoit! generated 256-bit key or managing their own private key to encrypt their data.
Logical security: Access to backed-up data is strictly controlled by Skadoit! personnel. Clients may access their data via the web only through the password-protected, web-based Skadoit! administrative console and only by supplying a valid encryption key. Internet access is strictly controlled and protected using sophisticated intrusion detection.
Online and offsite (remote) backup: Skadoit! is an automated online, offsite/remote backup service and functions as a key component in any organization's disaster recovery plan, protecting against hardware failure, theft, virus attack, deletion, and natural disaster.
Written contingency plan: The HIPAA Security Rule requires that covered entities have a written contingency plan for responding to system emergencies, including a detailed plan for the data backup and recovery process in the event of a disaster.
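The encryption model the bullets above describe (data encrypted with a 256-bit key on the client before transfer, kept encrypted at rest, and readable only by supplying a valid key, either one the provider generated or one the customer manages) can be made concrete in a few dozen lines. The following Go program is an added example written for this page; it is not Skadoit!'s code and says nothing about how their client is implemented. It assumes AES-256-GCM as the 256-bit cipher and, for brevity, derives the customer-managed key from a passphrase with plain SHA-256 (a real client would use a slow KDF). All function names, the sample record and the storage map are constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// keySize is 32 bytes: the "256-bit encryption" the page refers to, used here as AES-256.
const keySize = 32

// GenerateKey returns a fresh random 256-bit key. This models the
// "Skadoit! generated 256-bit key" option; the function itself is hypothetical.
func GenerateKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// KeyFromPassphrase models the "manage their own private key" option: the key is
// derived on the client from a passphrase the provider never sees. SHA-256 keeps the
// example standard-library only; production code would use PBKDF2, scrypt or Argon2.
func KeyFromPassphrase(passphrase string) []byte {
	sum := sha256.Sum256([]byte(passphrase))
	return sum[:]
}

// newGCM rejects anything that is not a 256-bit key before building the cipher.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be exactly 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptBackup encrypts one backup payload with AES-256-GCM before transfer.
// The result is nonce || ciphertext || auth tag, so the stored blob is both
// unreadable and tamper-evident without the key.
func EncryptBackup(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce passed as dst.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptBackup reverses EncryptBackup. It returns an error for a wrong key or
// for any modification of the stored blob, which is the check a restore relies on.
func DecryptBackup(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

// atRest stands in for the provider's datacenter storage: it only ever receives
// the output of EncryptBackup, never plaintext.
var atRest = map[string][]byte{}

func main() {
	// Constructed sample record; not real patient data.
	record := []byte("MRN 000000; constructed sample ePHI record")

	key := KeyFromPassphrase("constructed-customer-passphrase")
	blob, err := EncryptBackup(key, record)
	if err != nil {
		panic(err)
	}
	atRest["client-a/2024-01-01.bak"] = blob
	fmt.Printf("stored %d bytes of ciphertext for %d bytes of plaintext\n", len(blob), len(record))

	restored, err := DecryptBackup(key, atRest["client-a/2024-01-01.bak"])
	fmt.Printf("restore with correct key: %q (err=%v)\n", restored, err)

	_, err = DecryptBackup(KeyFromPassphrase("wrong-passphrase"), blob)
	fmt.Println("restore with wrong key fails:", err != nil)
}
```

The design point worth noticing is that the provider's storage holds only the output of EncryptBackup, so a compromise of the datacenter or a misconfigured console yields ciphertext and an authentication tag, nothing readable; and because GCM authenticates as well as encrypts, a restore that has been tampered with in storage or in transit fails loudly instead of silently returning corrupted records. With the customer-managed option, the provider never has the key at all, which is the property a covered entity relies on when it treats the backup service as a business associate rather than as a party with access to ePHI.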
Note: There is no standard "HIPAA certificate of compliance" for backup software and services. For more information about HIPAA and HIPAA compliance, contact your legal counsel or refer to the HIPAA section of the U.S. Department of Health and Human Services' website: http://www.hhs.gov/ocr/hipaa/