The Road to HIPAA Compliance

By Egor Kobelev

Egor Kobelev, VP of Healthcare & Life Sciences at DataArt, discusses what it takes for companies to become HIPAA compliant and outlines three key areas that need to be taken into consideration during the planning stages: process, infrastructure and technology.

Process: The cornerstone of HIPAA compliance is the process and the paperwork. Not only must an organization’s business processes be in line with HIPAA law, they must also be properly documented as HIPAA Standard Operating Procedures (SOPs). Some of the specific steps that need to be taken down the road: designating a privacy officer, someone who is ultimately responsible for the security of PHI and for ensuring organizational adherence to the mandatory security management processes; developing and enforcing SOPs; updating business associate agreements (BAAs); and establishing contingency planning.

Infrastructure: HIPAA compliance depends heavily on a company’s IT and infrastructure. If a company is hosting data with a HIPAA-compliant hosting provider, it must have certain administrative, physical and technical safeguards in place. Cloud technologies and hosting offerings come with a security concern: using the cloud means decreased control over data, over access to it, and even over its physical location.

Technology: Every software product has to be certified upon release and then again following each significant change or update. Organizations have to demonstrate compliance on an annual basis. As the industry develops, companies need to make sure that they react properly to changes in the environment.
