When is HIPAA Compliance Not Enough?

Everyone in healthcare seems to be using the term “HIPAA Compliant” in their marketing materials. Here are just a few of the services and marketing buzzwords being thrown around:

  • HIPAA compliant data center
  • HIPAA compliant IT support
  • HIPAA compliant cloud hosting
  • HIPAA compliant phone system
  • HIPAA compliant email
  • HIPAA compliant faxing
  • HIPAA compliant vehicles

Well, maybe not the last one. But chances are if your car is lockable, it’s HIPAA compliant.

What does HIPAA compliant mean and is it enough?

First, did you know that there is no HIPAA compliance exam or certification that these companies take to ensure their products are HIPAA compliant? Does that come as a surprise? Most companies that say they are HIPAA compliant are merely following the HIPAA laws, rules and best practices. Sure, they might (and hopefully do) have a HIPAA expert on staff who has some training and certifications, but does that mean they are the best solution for HIPAA compliance? Probably not. On the positive side, most solutions that claim HIPAA compliance are at least aware of and practicing HIPAA compliance, so your practice should be protected. But don’t you want someone looking out for your medical practice or hospital who goes beyond HIPAA compliant?

EMR and cloud hosting are a great example of going beyond HIPAA compliance. Pretty much every cloud-based solution is HIPAA compliant. But is that really good enough? Hint – It’s not!

HITRUST Certification

MD Tech Pro, for example, only endorses and recommends data centers and EMR hosting companies that are HITRUST certified. HITRUST certification is the highest standard for managing security risks and protecting health information. This includes HIPAA and protection from other breaches. When you are talking about storing your patient data, HIPAA compliant just isn’t enough.

So the next time someone tells you their data center is HIPAA compliant, ask them about their HITRUST certification as well. If they aren’t HITRUST certified, run, don’t walk, to a solution that meets this highest standard. Do you really want to trust your data to someone who just says they are HIPAA compliant, or to one who exceeds this and other requirements by being able to demonstrate their expertise through HITRUST certification?

For more information on HITRUST, visit https://hitrustalliance.net/about-us/.

For more information about EMR hosting, cloud backup and cloud hosting, contact us.