I need a giant slice of PHI

Yeah, so I’m trying to be funny while talking about data security, which can be a dry topic. But it’s definitely an important one to discuss because it seems like there’s an air of mystery around it.

What do you know about HIPAA? Besides the fact that it sounds like “hippaaaah” (you know, as in relax, “ahhhhh”)? You’re probably vaguely familiar with it because you’ve seen the form at the doctor’s office while you’re completing that plus 10 other forms. What about SOC2? Sock it to ’em? Nope, not that. PHI? Yeah, I like a big pizza pie too. But no dice.

There are many industry sectors (healthcare, insurance, retail) that have stringent security requirements for their communications. Social security numbers, patient medical histories and member IDs are just a few of the data fields that need special security requirements in place for a solution provider to handle.

The government loves acronyms. But what do they all mean?

HIPAA (Health Insurance Portability and Accountability Act): United States legislation that provides data privacy and security provisions for safeguarding medical information.

PHI (Personal Health Information): Also referred to as protected health information, generally refers to demographic information, medical history, test and laboratory results, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care.

AT 101/SOC 2: AT 101 is the professional standard used for issuing SOC 2 reports. SOC 2 is part of the AICPA Service Organization Control (SOC) reporting framework. SOC 2 reports are generally geared towards many of today’s technology-driven service organizations, such as Software as a Service entities, data centers and managed service providers.

HITECH (Health Information Technology for Economic and Clinical Health Act): Brings additional compliance standards to healthcare organizations. It is directly related to HIPAA, and contains specific incentives designed to accelerate the adoption of electronic health record systems among providers.

HITRUST (Health Information Trust Alliance): In collaboration with healthcare, technology and information security leaders, the HITRUST alliance has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data. The CSF includes a set of controls that seek to standardize the requirements of multiple regulations and standards.

Now you know what they are. What does it mean to be compliant?

As a solution provider with these security compliance programs in place, our entire staff undergoes special training to ensure they follow very specific protocols when handling sensitive communications. There are specific processes in place, along with safeguards (like limited user access to certain areas of the plant, shredding overages, etc.) that allow us to adhere to these standards.

Next time you choose a solution provider to handle sensitive data, check and see if they have these strict security measures in place. We have them all, which means you know we’ve got this.

Now you can relax, sit back and say, Hip-Ahhhhhhh.