In a recent blog post, Derek Wiedenhoeft explains how do get started if you are in need of HIPAA-compliant hosting.
So you need HIPAA-compliant hosting, and you want to know what the basics to get started are. Before we delve into the details, it helps to know the different types of companies that are concerned with HIPAA, in order to understand your relationship with the hosting provider.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines two different types of organizations that must meet its parameters: covered entities and business associates. However, there is now a third type of organization that falls under HIPAA rules. Here is basic descriptive information for these categories from the National Institutes of Health (NIH)[i]:
Covered Entity
A health plan, healthcare provider, or healthcare data clearinghouse that transmits health information.
Business Associate
A person or organization that carries out tasks for a covered entity involving processing or storage of protected health information (PHI).
Hybrid Entity
A covered entity that conducts a combination of business tasks, some of which are related to HIPAA-protected data and some of which are not.