The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) gave HIPAA more bite by increasing penalties for non-compliance, establishing security breach notification requirements, directly applying compliance requirements to covered entities' "business associates", and granting new enforcement authority to state Attorneys General. HITECH also required the Department of Health & Human Services (HHS) to implement a HIPAA compliance audit program to ensure that covered entities and business associates comply with HIPAA privacy and security requirements as well as the new security breach reporting requirements.
HHS's implementation of the HIPAA compliance audit program ramped up in 2012. HIPAA covered entities and business associates (such as healthcare SaaS providers) need to be prepared for a HIPAA compliance audit.
The HHS Office of Civil Rights (OCR), the agency responsible for HIPAA enforcement, completed its pilot HIPAA compliance audit program in 2012. The OCR and its contractors audited more than 100 covered entities (healthcare providers, insurers, and clearinghouses) to verify their HIPAA HITECH compliance. With the pilot phase completed, the HIPAA compliance audit program will continue in 2013 and beyond, with an expectation of expansion to include audits of covered entities' business associates.
For an audited organization, the HIPAA compliance audit process has several stages: notification, a requirement to submit compliance-related documentation, an on-site visit lasting between three and ten days, and production of an audit report. If an audit report indicates a serious non-compliance issue, OCR may initiate a full compliance review and investigation.
In 2012, OCR published a HIPAA compliance audit protocol. The protocol, which is expected to evolve as OCR continues to conduct more audits, details more than 160 distinct audit criteria associated with HIPAA privacy, security, and breach notification requirements. Nearly half of the criteria concern HIPAA security requirements for IT infrastructures, as mandated by the HIPAA Security Rule. The Security Rule requires administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic personal health data.
The criteria for a HIPAA compliance audit are rigorous, complex, and evolving. The fastest, surest, and most economical way to ensure your organization's compliance with HIPAA requirements is to have your healthcare IT workloads hosted by Layered Tech, the compliant hosting experts. At Layered Tech we specialize in hosting platforms and applications that have strict security and regulatory requirements, such as those imposed by HIPAA, PCI-DSS (credit card data), and FISMA (federal agency IT systems). We offer a range of managed HIPAA compliance solutions including dedicated servers, cloud platforms, and hybrid environments. Our compliant hosting service features a 100% Compliance Guarantee.