Filter by Category

Can HIPAA Certified Solutions Really Guarantee Compliance?

achieving HIPAA compliance

When searching for a new healthcare solution to meet your organization’s needs, it’s easy to see the labels “HIPAA Certified” or “HIPAA Compliant” and believe your bases are covered. After all, “HIPAA Certified” means the product or application follows HIPAA’s privacy rules and has everything in place to protect your health and patient information, right?

Unfortunately, no. While such a certification could be useful for organizations in the future, giving them peace of mind during the stressful process of shopping for new solutions, the U.S. Department of Health and Human Resources (HSS) “does not contemplate certification of HIPAA compliance, nor does it authorize any third party to provide an “official” certification,” reports this recent article from HealthData Management. This means businesses that tout their products as compliant or certified can do so—but can’t enforce the claim as legally true.

If you see a solution that’s labeled “HIPAA Certified,” you can still consider it as a viable option, just do so carefully. Businesses often use these terms as a simple way to say “we meet all of HIPAA’s rules and regulations in our given field, and we can help you take steps toward full compliance.” But they can’t guarantee their product will make you compliant, and ultimately the responsibility to become and remain compliant rests on you and your organization.

Rob Reinhardt, owner of Tame Your Practice, a company that provides consulting to mental health and wellness professionals, says this of “HIPAA Certified” solutions: “You cannot maintain HIPAA compliance by simply “only purchasing HIPAA compliant stuff.” Only Covered Entities and Business Associates can be compliant. They do so by following all of the requirements of HIPAA and HITECH, which are extensive.” Covered Entities are health care providers, like doctors and psychologists, health plans, like health insurance companies or government plans, or health care clearinghouses. Business Associates are people or businesses that help Covered Entities carry out their daily functions.

Are you shopping for a solution that will support your business processes and bring you one step closer to full HIPAA compliance? To make the search less painful, here are a couple tips we recommend following when vetting potential companies.

1. Read the Fine Print

When you come across a product that is labeled certified or compliant, read the fine print to see exactly what they’re offering you. Make sure they clearly list what they’ll do to help your organization achieve HIPAA compliance, and be wary of  any company that hides this information or won’t give it to you. We also recommend you think carefully before purchasing software from a business that’s been declared HIPAA compliant by a third party. Just because someone else says they’re compliant doesn’t mean they are.

2. Ask the Right Questions

Go into the conversation or demo with a list of questions you need answered. Here are a few we recommend to get you started:

  • Do you have a clear outline of how your product will help me become HIPAA compliant?
  • Do you have a HIPAA compliance checklist I can see?
  • How does the product encrypt sensitive data?
  • Can it run audit reports of data access and movement?
  • What level of expertise does your business have with HIPAA and HITECH?
  • Do you have a HIPAA specialist on staff that I could talk to?

In the end, finding a solution that matches your needs shouldn’t be difficult. It should be easy. Just remember: the right solution will help you in your journey to HIPAA compliance, not guarantee it. Only you can do that—by making sure your organization meets all HIPAA regulations.

Looking for a managed file transfer solution that can help your organization meet several key HIPAA and HITECH requirements via a managed, centralized, and auditable environment? Our solution, GoAnywhere MFT, may be right for you.

To learn more, download our white paper, How Managed File Transfer Addresses HIPAA Requirements for ePHI, or view our HIPAA and HITECH solutions brief.

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


10 Ways to Achieve File Transfer Automation with GoAnywhere MFT

January 14, 2019

Here’s a fun fact: When it comes to streamlining file transfer processes, automation is the supporting sidekick to any IT or cybersecurity professional. Like Robin supports Batman…


Which is Better: Dropbox vs. MFT?

January 9, 2019

So you’re looking for a way to securely share files with your team. Great! There are plenty of tools you can use today to collaborate and share documents as projects arise. Some are on-premises…


Data Breach and Incident Response Plans | 2019 Templates & Best Practices

December 27, 2018

Every year, organizations hope that statistics for data breaches will improve, that things will be better than the year before. And every year, they are dismayed to discover that even though…


How One Global Health IT Company Achieves PCI-Compliant File Transfers with an MFT Solution

December 21, 2018

Compliance audits can be stressful, especially when they come on the heels of data security standard updates and deadlines. For one global health technology company, a looming PCI DSS audit not only…


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…