IT Healthcare Security: It Only Starts with HIPAA Compliance

HIPAA compliance is the Good Housekeeping® seal for IT organizations serving the healthcare sector.

Isn’t it?

The quick if not simple answer is yes – but. The HIPAA HITECH audit program analyzes various processes, controls and policies in the healthcare and health insurance arena, in keeping with the Health Information Technology for Economic and Clinical Health (“HITECH”) provisions of the American Recovery and Reinvestment Act of 2009. The audit spells out many of the requirements contained in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), to protect the privacy and security of protected health information.

The federal Office of Civil Rights established a comprehensive HIPAA audit protocol that specifies requirements to be assessed through these performance audits. The audit protocol is organized around modules representing separate elements of privacy, security, and breach notification. The combination of these multiple requirements may vary based on the type of covered entity selected for review.

HIPAA sets forth a rigorous and demanding regulatory environment, and only a select number of vendors can truly compete in the space, largely because of these data security requirements.  But in order for a vendor to say that it’s HIPAA compliant, that provider doesn’t actually have to do anything. 

Nothing.  Nada.  Zilch.
