Alcea Technologies HIPAA compliance
In the search for the right agency management platform, a big “must-have” is a software that meets HIPAA regulations. HIPAA is the Health Insurance Portability and Accountability Act of 1996. These two rules are otherwise known as the ‘Standards for Privacy of Individually Identifiable Health Information’(Privacy Rule) and the ‘Security Standards for the Protection of Electronic Protected Health Information’(Security Rule). Due to the fact that the software is managing protected health information, it is of utmost importance that the software is HIPAA compliant.
We have put together a checklist to use when evaluating software to see if it meets the HIPAA standards. Alcea Software Tracking Solutions is fully HIPAA compliant.
Under HIPAA Security requirements there are specific provisions for administrative safeguards, physical safeguards, and access control.
ADMINISTRATIVE SAFEGUARDS [142.308 (a)]
Access Authorization
Log In Monitoring
Password Management
Data Backup Plan
Disaster Recovery Plan
Emergency Mode Operation Plan
PHYSICAL SAFEGUARDS [142.308 (b)]
Facility Security Plan
Data Backup and Storage
ACCESS CONTROL [142.308 (c)]
Unique user identification
Automatic Log off
Encryption / Decryption
Along with the above items, it is imperative to have your own Business Associate Agreement with any stakeholder you work with in order to protect the Personal Health Information (PHI) of the clients you serve.
Another term that is commonly used for HIPAA compliant software is “Limiting Access and Use to the Minimum Necessary”. Under the regulations, this is described as “covered entity must develop and implement policies and procedures that restrict access and uses of protected health information based on the specific roles of the members of their workforce. These policies and procedures must identify the persons, or classes of persons, in the workforce who need access to protected health information to carry out their duties, the categories o of protected health information to which access is needed, and any conditions under which they need the information to do their jobs.”
What this means for software is that it must provide the ability to create access levels and user roles to group employees into so that you can restrict access to PHI that is not necessary for them to do their job.
HIPAA Compliance is the most important requirement for a software in this space. By following the checklist and guidelines above you can be certain that the software you choose meets these standards.
