Five Questions to Ask Your Business Associates: #3 Policies & Technologies

onlinetech
Last updated: February 6, 2012 1:35 pm

Our third most important question to a Business Associate is:

What policies and technologies are used to protect my applications and PHI data?

Neither HIPAA nor HITECH calls for specific technical measures to ensure PHI data is available, accurate and secure. However, there are still basic technologies and practices that indicate a culture of security awareness and proficiency. After you review the BA’s independent HIPAA audit report, ask about these data security technologies.

In our case, as a hosting provider, the minimum server security requirements to meet HIPAA compliance are:

  • Virtual or Dedicated Firewall
  • Backup
  • Antivirus
  • OS Patch Management

We also recommend:

  • Private Firewall services (either a Virtual or Dedicated Firewall) with VPN for remote access
  • Separate database and web servers for production
  • Separate test server (one server can host both web and DB, but it must not be the production server)
  • Offsite data backup at a minimum; ideally, a warm-site disaster recovery paradigm (easiest for cloud servers)
  • SSL certificates and HTTPS for all web-based access to PHI (protected health information)
  • Private IP addresses

Is encryption required?
We are asked this repeatedly, and the answer is “No, but it’s a darn good idea.” Encryption is usually handled at the software application level, so if you are working with a Business Associate who is providing software, ask how they address it in the application. If you are putting your own software on a server, you’ll undoubtedly have taken encryption into account. Encryption requires decryption prior to use, which is computationally expensive, so you can’t just encrypt everything on the server. The best tools and methods depend on the application, operating system and usage patterns. Look for the following best practices:

  • Always use SSL for web-based access of any sensitive data (personally identifying or medical information)
  • Names, SSNs, diagnoses, addresses, prognoses and other sensitive information within an EMR (electronic medical records) system should be encrypted in the database using techniques and mechanisms known only to a select few.
  • Content such as images or scans should be encrypted and contain no personally identifying information.
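
The application-level approach described above, as an added example (not Online Tech's code): only the PHI columns of a row are encrypted with AES-256-GCM before storage, and the rest stay queryable in the clear. The `patients` table, the field names, the `v1:` prefix and the inline key are assumptions for illustration; it uses Node.js's built-in `crypto` module.

```javascript
const crypto = require('node:crypto');

// Columns treated as PHI (taken from the article's list); everything else
// stays in the clear so it can still be indexed and queried cheaply.
const PHI_FIELDS = ['name', 'ssn', 'diagnosis', 'address', 'prognosis'];

// Encrypt one value with AES-256-GCM. The AAD ties the ciphertext to its
// record and column, so a value copied into another row fails to decrypt.
function encryptField(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh nonce per value, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const ct = Buffer.concat([cipher.update(String(plaintext), 'utf8'), cipher.final()]);
  return 'v1:' + Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Reverse of encryptField; throws if the key, AAD or ciphertext is wrong.
function decryptField(key, token, aad) {
  if (!token.startsWith('v1:')) throw new Error('unknown ciphertext format');
  const raw = Buffer.from(token.slice(3), 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Encrypt only the PHI columns of a row (hypothetical "patients" table).
function encryptRecord(key, row) {
  const out = { ...row };
  for (const f of PHI_FIELDS) {
    if (row[f] != null) out[f] = encryptField(key, row[f], `patients:${row.id}:${f}`);
  }
  return out;
}

function decryptRecord(key, row) {
  const out = { ...row };
  for (const f of PHI_FIELDS) {
    if (row[f] != null) out[f] = decryptField(key, row[f], `patients:${row.id}:${f}`);
  }
  return out;
}

// Constructed sample data; a real key would come from a key store, not code.
const demoKey = crypto.randomBytes(32);
const demoRow = { id: 1001, name: 'Jane Example', ssn: '000-00-0000',
                  diagnosis: 'sample diagnosis', next_visit: '2012-03-01' };
const stored = encryptRecord(demoKey, demoRow);
console.log(stored.next_visit, stored.ssn.slice(0, 12) + '...');
```

Restricting who can read the key, rather than the method, is what limits access to a select few here; a tampered or relocated value raises an error on decryption instead of returning bad data.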

Important HIPAA policies to ask about:

  • Documentation of data management, security, training and notification plans (every employee should have regular HIPAA security training)
  • Clients should use a password policy for their access
  • Encrypt PHI data whether it’s in a database or in files on the server
  • Do not use public FTP (File Transfer Protocol) to move files
  • Only use VPN (virtual private network) access for remote access
  • Login retry protection in their application
  • Documentation of a DR (disaster recovery) plan

Next week, we’ll talk about important questions to ask about disaster preparedness and how long it will take for you to access your PHI again in the event disaster strikes.

Are you going to HIMSS 12 in Las Vegas, Feb. 20-24? If so, stop by our Booth (#13528) and say hello! Online Tech will be exhibiting at HIMSS with our HIPAA compliant hosting solutions for healthcare and related organizations.

For HIPAA Compliant hosting, call 877.740.5028 or email contactus@onlinetech.com
