1 What is HIPAA?
The United States Health Insurance Portability and Accountability Act (HIPAA) safeguards patient information by setting data privacy and security standards. It stipulates who can access health information (and when), protecting this data to ensure it remains confidential.
HIPAA IN A NUTSHELL
Originally passed in 1996, HIPAA’s range was widened through the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was incorporated into law in 2013. Amongst other points, the HITECH Act extends the penalties for non-compliance, with violations potentially resulting in fines up to $1.5 million. It also expands who the legislation covers to include subcontractors, such as providers of SaaS-based software handling Protected Health Information (PHI).
Therefore every company handling PHI as part of its operations (called a Covered Entity) needs to ensure compliance - and make sure that its subcontractors (classed as Business Associates) are also meeting legislative requirements.
Here are some definitions you need to know before discussing how Kameleoon helps achieve HIPAA compliance:
- Health Insurance Portability and Accountability Act, passed in 1996
PHI (or ePHI) - (electronic) Protected Health Information
- Data that can be used to identify an individual, their medical history or payment history. This includes name, address, social security numbers and biometric data.
OCR - the Office for Civil Rights of the Department of Health and Human Services
- This is the body responsible for enforcing HIPAA’s provisions.
- This is any organization that handles or transmits PHI electronically, such as a medical facility/practice, health insurer, HMO or health care clearing house.
- A company hired by a Covered Entity to help it carry out its health care activities and functions. There must be a written Business Associate Agreement or other arrangement in place to ensure compliance.
2 How Kameleoon is HIPAA compliant
As an organization Kameleoon enables straightforward HIPAA compliance. At a technical level our platform is designed to meet the Act’s requirements, while we will quickly sign Business Associate agreements to ensure compliance before our systems are used with your PHI or ePHI.
Our compliance focuses on these four areas:
PASSWORD EXPIRY RULES
HIPAA mandates that passwords have to be changed every 60 or 90 days. Within Kameleoon you can easily create rules to ensure users change their passwords at specified intervals.
SECURE DATA TRANSFER
To be compliant, all systems need to have the TLS 1.2 data security protocol in place. This is already the default within Kameleoon, meaning no changes need to be made to the solution to ensure compliance.
To further protect ePHI, organizations must automatically log out users if they have been inactive for 15 minutes. This option is available within Kameleoon.
BUSINESS ASSOCIATE AGREEMENT
As a trusted, compliant supplier to organizations across multiple industries Kameleoon follows clear, transparent processes in how we handle and protect data. We are happy to sign Business Associate Agreements (BAA) as part of any agreement with clients.
To find out more about our support for HIPAA compliance please contact us at [email protected] or get in touch with your Customer Success Manager.