HIPAA as a Security Benchmark

Posted by: Bridgett Weldner

Why should you care if your off-site information solutions provider is HIPAA compliant or not?


Every business is impacted by some governing body, be it HIPAA, FDA, or FTC. So when it comes to off-site information management services, how do companies know what to look for? Choosing a provider that is well versed in and up to date on information handling requirements, and that meets those stringent standards, is an easy way to ensure that the company is qualified to handle your information.

If you are not a covered entity or business associate, why should you care if your off-site information solutions provider is HIPAA compliant or not? Well, if you are not a health inspector, why should you care what a restaurant’s health inspection score is when you go out to eat? Even if you don’t personally have a set score that the food you consume must meet, you would still want to know that you are eating at a place that has scored high against the standards the food industry has established. The same is true when it comes to security. Even if your company is not directly governed by HIPAA, why would you NOT want to choose an off-site information management provider that meets the top standards in the industry?

Digital or paper, HIPAA’s goal is to protect and secure confidential information while also ensuring that it is easily accessible when needed. HIPAA-compliant vendors must handle ALL information, from both covered entities and non-covered entities, based on the following HIPAA guidelines:

  • Implement secure, sustainable and cost-effective methods of securely handling Protected Health Information (PHI) during all stages of the information management storage and handling process.
  • Prohibit access to PHI unless it is necessary to fulfill a request by an authorized client representative.
  • Acknowledge that PHI may need to be accessed quickly, and be prepared to react appropriately in delivering information to clients or directly to patients upon client authorization.
  • Retrieve and deliver PHI only to those authorized by the client to view it.
  • Always inform the Security/Compliance Manager or a Direct Supervisor immediately in the event of a security breach or potential security breach.

HIPAA-compliant vendors understand the importance of privacy and security and hold themselves accountable. So, if you are looking for off-site information management services, a quick way to measure the quality and reliability of a potential vendor is to determine whether it is HIPAA-compliant. COR365 has a variety of HIPAA-compliant data management services.
