Every business that handles healthcare records worries about becoming HIPAA compliant. HIPAA compliance can make the difference between being in business and owing several thousand dollars in fines. Read on to learn about HIPAA, and how GE Centricity hosting securely handles private data.
What Is HIPAA?
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, ensures the privacy of personally identifiable healthcare data via several provisions. If a company’s data meets the privacy and security standards set by Title II of HIPAA, the company is said to be HIPAA compliant.
However, if a company isn’t HIPAA compliant, it can be subject to investigation and may owe restitution in the tens of thousands of dollars. If record holders knowingly disclose information, they may be subject to criminal penalties as well.
How HIPAA Affects Businesses With Hosted Data
HIPAA categorizes all secondary businesses and employees that handle electronic health records (EHRs) as “business associates,” which are subject to the same limitations as healthcare companies regarding secure data storage and dissemination. This is the case even if a business is subcontracting hosting duties to a different business.
Therefore, HIPAA allows businesses to store EHRs in the cloud, including via third-party hosting. However, all business associates need to sign a business associate agreement (BAA) affirming that the third party will be handling EHRs and that it will comply with HIPAA. Additional service level agreements (SLAs) may clarify further data concerns, such as how data is disposed of or returned to its owner.
How HIPAA Affects Businesses Using GE Centricity
GE Centricity is GE’s solution to EHR management and hosting. GE Centricity is designed to be convenient for healthcare practitioners, but it’s also designed with an eye toward security and regulatory compliance.
Of course, all healthcare companies using GE Centricity hosting will need to be HIPAA compliant on their end. But GE Centricity’s hosting handles all HIPAA compliance requirements on its end, so customers don’t have to worry about the security of their data once it leaves their servers. And because this is GE Centricity’s business, there’s no need to negotiate special BAAs or SLAs.
Healthcare companies need to know their data is stored in compliance with HIPAA. GE Centricity isn’t just an efficient solution — it keeps data secure, avoiding costly HIPAA violations.