<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=49414&amp;fmt=gif">

I’d like to learn more about Campaign Creators!

3 min read

HIPAA Compliant File Sharing – Why is it Important?

By Bareerah Shoukat

Is your company HIPAA compliant if it deals with the data of health workers? Maintaining HIPAA compliance is necessary in order to protect your business, not getting fined and most importantly protecting sensitive medical data. According to a hipaajournal.com, 3,705 healthcare data breaches of more than 500 records have been reported to the HHS' Office for Civil Rights between 2009 and 2020.

This is the reason your health care data needs to be protected. The average cost per breach in 2020 was recorded at $499, making health care data breaches a costly affair!

How will you share your files by staying HIPAA compliant then? After all, not conforming to HIPAA rules is no excuse. It applies to your all files including videos.

This blog will give you an overview of HIPAA-compliant file sharing and how it affects file sharing. We will then discuss what to look for in the HIPAA compliant video platform and how it can help.

An Overview - HIPAA Compliant File Sharing

HIPAA stands for The Health Insurance Portability and Accountability Act. It is concerned with PHI (Protected Health Information), of course, related to patients. This can be related to both physical and digital files. You will often see ePHI referring to (electronic PHI) for digital files of health care sectors.

PHI includes health records, healthcare bill information, or any information that is considered sensitive. Healthcare firms, contractors, and subcontractors that handle this highly sensitive information are required to protect it.

People often share files through unsafe means, such as emails that are not HIPAA compliant. HIPAA compliant file sharing only allows authorized users to be able to send messages, share files and access healthcare data. All the sensitive data needs to be encrypted with industry-grade security both while at rest and when in transit.

How Does HIPAA Affect File Sharing?

Any file-sharing means or platform involving PHI must comply with HIPAA’s three rules.

  • The Privacy Rule, which defines PHI and other responsibilities that contributors, insurers, and associated enterprises have in order to store and transmit it. In short, they need to protect the privacy of their patients even outside of specific situations.
  • The Security Rule highlights the security measures that healthcare institutions must utilize to protect data in transit and at rest. Under HIPAA’s security rule, there are three types of safeguards to be placed
    • Technical Safeguard
    • Physical Safeguard
    • Administrative Safeguard
  • The Breach Notification Rule outlines what responsibilities these providers have in case the systems breach happens, and PHI is compromised.

A Use Case!

HIPAA monitors even timely access to medical records. The HIPAA privacy rules give patients the right to access, inspect, monitor, and obtain a copy of their own health information. One of the cases related to this concern was reported in 2019.

A doctor with medical sheet

Phoenix, AZ-based Banner Health was considered one of the largest health care systems in the US. Two complaints were received by OCR from patients alleging they had to wait many months to receive a copy of their medical records. OCR determined that this breached the HIPAA Right of Access provision of the HIPAA Privacy Rule. The case was settled for $200,000.

What to Look for In the HIPAA Complaint File Sharing Software?

In order to select the right HIPAA compliant vendor, the organization needs to assess the following features before selecting one vendor.

  1. Does the vendor have a Business Associate Agreement? Many solution providers will have a BAA that healthcare organizations can use or modify as per need for their working agreement. Not having a BAA is a red flag that the vendor is not mature enough to handle PHI
  2. Access management and tokenized URLs are other things to look for. In this way, the URLs can be expired after link viewing to prevent your files from unauthorized access.
  3. If you are sharing your video files with people, you need your download option disabled if it contains the PHI of other people or enabled if it is otherwise.
  4. Your HIPAA compliant file sharing software should have a backup of the files in case it gets deleted.
  5. Another main thing to look out for is the logs. The software should be able to keep version history to track down the changes made, who accessed or viewed your files etc.

Audit-Logs-Zoom (1)-2

HIPAA Compliance for Video

Video sessions of your patients on Zoom or MS Team or recorded sessions can be breached as these are considered ePHI. These videos have PII (Personally Identifiable Information) such as name, faces, medical history, and others that need to be redacted to maintain privacy.

A HIPAA compliant video platforms confines to the following main features

  • SSO integration where only authorized individuals get access when one set of credentials are given as input.
  • The next thing is video access management meaning to define access and control. You don’t want every person to access the medical records apart from the person it belongs to and the supervised doctor.
  • A video platform should be able to do temper detection, so the videos are instantly checked if they are the same when uploaded or not.
  • Encryption is another thing to look out for. A video platform should be FIPS compliant with end-to-end encryption
  • Audit control should be mandatory to see all the interactions performed on the video
  • Detailed video sharing features such as multiple link sharing, temporary guest sharing, link expiry and more.

HIPAA compliant file sharing

A YouTube-like platform can help in HIPAA compliant file sharing for your video files

VIDIZMO for HIPAA Complaint Videos

Looking for a YouTube-like video platform that adheres to HIPAA standards? VIDIZMO can be your best bet! It is a Gartner-recognized enterprise video platform to ingest, manage, organize, and stream videos with internal and external audiences. It not only caters to the above main features mentioned but to much more such as auto-ingestion of recorded Zoom or MS Teams meetings, AI, detailed content categorization, security and privacy.

With SSO integration and enhanced features like

  • Custom Login Timeout.
  • Custom Security Policies (For Instance, You Can Restrict External Sharing for the Entire Organization).
  • Store data in your Azure or AWS cloud data center - both of which are HIPAA Compliant.
  • PII redaction tool

Healthcare Staff Training YouTube-like Portal

Will help you ensure the private sharing and confidentiality needed for health-related information.

Learn More About VIDIZMO in Healthcare

Posted by Bareerah Shoukat

Bareerah is a product strategist at VIDIZMO - An expert in video streaming technologies. She helps businesses create marketing content that connects with their audience.

Tags: Healthcare

By signing up you agree to receive our offers, promotions & other commercial messages. You may unsubscribe any time.

Sign up for our monthly blog updates to receive great content