KITS

Click here to view the enhanced content of our site

ARE YOU HIPAA COMPLIANT

The Health Insurance Portability and Accountability Act (HIPAA) was passed into law in August 2006 with the intention of enabling better access to health insurance, reducing health care fraud and abuse, and lowering the overall cost of health care in the U.S.

What is HIPAA?

Who must comply with HIPAA?

All covered entities who store patient data electronically must comply with HIPAA. Covered entities are defined as 1) health plans, 2) health care clearinghouses and 3) health care providers (doctors, dentists, etc.)

How does KITS help me become HIPAA complaint?

KITS helps covered entities comply with both the HIPAA Privacy and HIPAA Security Rules. HIPAA Privacy Rule: Mandatory compliance - April 14, 2003 The HIPAA Privacy Rule sets standards for how protected health information "in any form or medium" should be controlled. The HIPAA Privacy Rule specifically requires that privacy and security be built in to the policies and practices of health care providers, plans, and others involved in health care. HIPAA Security Rule: Mandatory compliance - April 21, 2005 The HIPAA Security Rule is the first comprehensive Federal protection for the privacy of personal health information. The HIPAA Security Rule identifies standards and implementation specifications that organizations must meet in order to become compliant.

The general requirements of the HIPAA Security Rule establish that covered entities must do the following:

1.Ensure the confidentiality, integrity and availability of all electronically protected health information the covered entity creates, receives, maintains or transmits.
2.Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
3.Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required.
4.Ensure compliance by the workforce.

How does KITS remote backup help me comply with the HIPAA security and privacy rules?

Encryption of data during backup:

All data being backed up is encrypted with 448-bit Blowfish encryption prior to transfer and sent through a secure 128-bit SSL tunnel to the KITS datacenter.

Encryption of data on KITS servers:

All backed up data maintains the 448-bit Blowfish encryption while stored "at rest" in the KITS datacenter.

Physical security:

KITS servers are located in a Tier 4 datacenter protected by gated perimeter access, 24 x 7 x365 on-site staffed security and technicians, electronic card key access, and strategically placed security cameras inside and outside the building.

Some basic practices to help you be HIPAA Compliant

Cyber Security
Access to any computer system that contains or has access to PHI should be protected by a password that is unique for each user.

Passwords should be strong passwords.

A strong password is one that:

Can not be found in a dictionary

Will contain 7 or more characters

Does not use any proper names or nick names.

Uses a combination of letters, numbers, special characters (!@#$%) along with mixing upper and lower case letters

Passwords

Passwords should be changed on a regular basis…every 30,45 or 60 days is common

Like keys, passwords should not be shared with other people including coworkers and family members.

Probably should not be written down in the office like on a sticky note stuck on your monitor.

Emails

E-mail should be used primarily for business purposes…personal use of email can result in risks to PHI and represent a key point of abuse.

The contents of an e-mail message should be carefully considered…. messages containing foul and abusive language, offensive materials and materials that would be considered confidential, like PHI, should be prohibited.