HIPAA, or the Health Insurance Portability and Accountability Act, was enacted in 1996 and partly designed to protect the confidentiality and security of patients’ healthcare information. The advent and rapid evolution of web technologies presented new challenges, which led to an update of the Act in 2003.
The affected parties under HIPAA are defined as the Covered Entity, or the healthcare provider, and if present, the Business Associate, or any third party involved in collecting, storing, and delivering PHI (Protected Health Information), which is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual.
There are four sections of HIPAA that affect web technologies, and therefore, Acclaim: the HIPAA Privacy Rule, Security Rule, Enforcement Rule, and Breach Notification Rule.
The Privacy Rule was designed to protect patients’ medical records as well as PHI. This rule is also intended to give patients the right to obtain a copy of their health records, the right to examine them, and the right to request corrections.
Any business or third party that stores or transfers PHI is known as the Business Associate. The Business Associate needs to cover the items below under a signed BAA, or Business Associate Agreement, with the Covered Entity.
Under the Privacy Rule, Business Associates shall:
– Not allow use or disclosure of PHI without prior patient consent
– Notify the Covered Entity of any breach that might expose PHI
– Provide Covered Entities with access to relevant PHI
– Disclose PHI to the Secretary of US Health & Human Services Department if asked to do so
– Keep and be able to provide an accurate log of disclosures
– Abide by the HIPAA Security Rule
For more information on the Privacy Rule, please visit http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
The Security Rule includes three separate sections:
1) Technical Safeguards
2) Physical Safeguards
3) Administrative Safeguards
Under each Safeguard section, the specifications are listed as “required” or as “addressable” by the Act. Technical Safeguards address data privacy, security, and audit controls for that data. Physical Safeguards address workstation and device or media security. Lastly, Administrative Safeguards address the guidelines and procedures that workforces should follow under HIPAA.
For more details on the Security Rule, please visit http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
The Enforcement Rule defines different fines, penalties, and procedures for hearings. For an in-depth look, please visit http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/index.html
Breach Notification Rule
The Breach Notification Rule requires healthcare providers to notify patients when a breach of PHI occurs. If the breach involves more than 500 patients, then the entities are required to notify the media and the public. For more information on this rule, please visit http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html
What does this mean for Acclaim?
At Acclaim, we take privacy and data security very seriously. No user information on Acclaim is publicly available and our zero-out policy (any content deleted from Acclaim is permanently deleted) means that users can use Acclaim for training and supervision, and confidently move forward without the liability of leaving sensitive content behind.
It is also important to mention that there is no official “HIPAA Compliance” certification. Rather, Business Associates and Covered Entities should show steps taken to cover the items listed in this post to the best of their abilities. The lack of an official certifying process means that abiding by HIPAA standards is very much a moving target, especially as tech evolves.
Where applicable, our team is more than willing to provide detailed information on how Acclaim meets HIPAA compliance standards listed in this post and sign a Business Associate Agreement to ensure liability coverage for our customers, partners, and end users.
Acclaim is a secure video platform used in classrooms across the country. Teachers and students can easily record, upload, organize, and collaborate around video files as part of class activities, discussions, and assignments.