HIPAA compliant

Is Canopy HIPAA compliant? Or how do I become HIPAA compliant?
Could someone just give me a brief idea of whether I need to do anything.
I have a nursing home wanting our service; they want to know if I am HIPAA compliant. They use a Citrix server system across the net.

Any info would be appreciated.

kmeadows
Info-Ed Inc.

Here is a summary of what HIPAA is:

Health Insurance Portability and Accountability Act of 1996
Summary of Administrative Simplification Provisions

- Standards for electronic health information transactions. Within 18 months of enactment, the Secretary of HHS is required to adopt standards from among those already approved by private standards developing organizations for certain electronic health transactions, including claims, enrollment, eligibility, payment, and coordination of benefits. These standards also must address the security of electronic health information systems.
- Mandate on providers and health plans, and timetable. Providers and health plans are required to use the standards for the specified electronic transactions 24 months after they are adopted. Plans and providers may comply directly, or may use a health care clearinghouse. Certain health plans, in particular workers compensation, are not covered.
- Privacy. The Secretary is required to recommend privacy standards for health information to Congress 12 months after enactment. If Congress does not enact privacy legislation within 3 years of enactment, the Secretary shall promulgate privacy regulations for individually identifiable electronic health information.
- Pre-emption of State Law. The bill supersedes state laws, except where the Secretary determines that the State law is necessary to prevent fraud and abuse, to ensure appropriate state regulation of insurance or health plans, addresses controlled substances, or for other purposes. If the Secretary promulgates privacy regulations, those regulations do not pre-empt state laws that impose more stringent requirements. These provisions do not limit a State's ability to require health plan reporting or audits.
- Penalties. The bill imposes civil money penalties and prison for certain violations.

HIPAA is a complicated subject.

If you read the actual legislation, you will not find specific rules, guidelines, or anything technical at all.

There is no list of features, encryption standards, guidelines, nothing.

There are no criteria set forth that hardware vendors can comply with; there is no "HIPAA seal of approval" and no certification process.

What HIPAA does do is this: it established a general philosophy that medical professionals must be secure in their transaction and storage of personal patient information.

You, as the System Administrator of a health care facility (I presume), need to read and understand HIPAA. From that understanding of the philosophy set forth, design and implement a network that follows HIPAA's philosophy of security and confidentiality.

This encompasses more than just networking hardware. As I'm sure you know, hardware by itself does not make a network secure. Security comes from a wide array of things: hardware, hardware configuration, encryption methods, monitoring software, security audits, security-minded users (probably the hardest to achieve); I could go on and on.

So, to wrap this up...
- Is Canopy HIPAA compliant? No. Nothing by itself can be considered HIPAA compliant.
- Can a network comprised of Canopy hardware conform to the guidelines in HIPAA? Yes.

Well, they have their own IT dept; I am just going to provide them the backbone.

kmeadows

I work for a local hospital, albeit not in the IT department. HIPAA is mainly concerned with patient privacy and confidentiality regarding their medical records, personal information and treatments.

Without knowing the specifics, I CAN say that I have been told by a local distributor that Huntsville's Redstone Arsenal uses Canopy equipment. They were the ones that sold them the equipment.

kmeadows wrote:
> Well, they have their own IT dept; I am just going to provide them the backbone.

kmeadows


That being the case, it sounds like their IT staff asked you if your service is HIPAA compliant and you're wondering how to respond?

I've responded to that question with a less "on my soap box" version of my above post:

"There is no certification process for HIPAA compliance, but the service we provide uses over-the-air encryption and (insert more security measures you use here), so the service we provide keeps with the spirit of HIPAA and could be one portion of your compliance."