What EVERY Company Should Know About IT HIPAA Compliance
COREIP gives your company confidence that their critical information is securely stored for as long as necessary, yet quickly accessible when needed.
HIPAA Compliance Challenges |
The CoreProtect Solution |
Healthcare entities must establish a solid contingency plan to encompass data backup, disaster recovery and emergency mode operations as defined in HIPAA 164.308. |
The CoreProtect service assists our clients in meeting these requirements by providing a reliable, verifiable data backup that also provides a clearly defined disaster recovery and emergency mode service using our Standby Server Technology. |
Healthcare entities must implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed as defined in HIPAA 164.310. |
The CoreProtect service encompasses offsite data storage at two highly secure data storage facilities protected by 24x7x365 on-site staffed security, digital surveillance cameras, man traps and card access controls. |
Healthcare entities must implement policies and procedures for their electronic information systems that allow access only to those persons or software programs that have been granted access rights as defined in HIPAA 164.312. |
The CoreProtect service utilizes the latest government approved data encryption standards for all data that is stored locally as well as when it is transferred and stored offsite. At no time does your offsite date become decrypted and the only parties that have the ability to decrypt the data are CoreIP and the client. |
FREQUENTLY ASKED QUESTIONS
Who must comply with HIPAA?
All covered entities who store patient data electronically must comply with HIPAA. Covered entities are defined as 1) health plans, 2) health care clearing houses and 3) health care providers (doctors, dentists, etc.)
Under HIPAA, why is encryption necessary?
The Section 164.530(c) of the HIPAA Privacy Rule states the following: a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information. All electronic protected health information (ePHI) needs to be encrypted.
What are the penalties for not being compliant?
The Security Rule is enforced by the Center for Medicare and Medicaid Services (CMS) within the U.S. Department of Health and Human Services (HHS), which may impose the following:
1. Administrative Action (i.e., implement a corrective action plan created by CMS)
2. Civil Penalties ranging from $100 to $25,000
3. Fines of up to $250,000 and imprisonment for up to ten (10) years
How does CoreProtect remote backup help me comply with the HIPAA security and privacy rules?
Encryption of data during backup: All data being backed up is encrypted with 256 bit AES encryption prior to transfer and sent through a secure 256 bit SSL tunnel to 2 separate COREIP datacenters.
Encryption of data on CoreIP servers: All backed up data maintains the 256 bit encryption while stored in our datacenters.
Physical security: CoreIP servers are located in a Tier 2+ datacenter, dual OC -48’s, Isolated from other businesses, protected by strategically placed motion activated cameras and 24 x 7 x365 on-site staffed security and technicians, clean power facility – UPS and diesel generator protected to ensure maximum uptime.
Remote/offsite backup: CoreProtect is an automated remote or offsite backup and a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion, and natural disaster.
Written contingency plan: The HIPAA Security rule requires that covered entities have a written contingency plan for responding to system emergencies, including a detailed plan concerning the data backup and recovery process in the event of a disaster. By implementing our COREPROTECT service, we enable our clients to comply with these regulations.
|
