If your healthcare organization is procuring an IT solution, you may have come across the terms "HIPAA Compliant" and "HIPAA Ready". But what do these mean, and how do they differ?
This short article summarizes both terms and uses a diagram to show where your organization, cloud service providers (CSPs) and software vendors fit into the bigger picture.
What Does it Mean to Be HIPAA Ready?
HIPAA-ready means that a software product provides the technical safeguards (for example access controls, encryption of PHI at rest and in transit, and audit logging) that help your organization meet the requirements of the HIPAA Security Rule. It does not mean that the software is certified, endorsed or approved by the Department of Health and Human Services (HHS); HIPAA is a law, not a body that approves products, and a HIPAA-ready product only becomes part of a compliant system once it is configured, operated and governed correctly by your organization.
What Does it Mean to Be HIPAA Compliant?
HIPAA compliant refers to the covered entities (health plans, healthcare clearinghouses and healthcare providers such as hospitals and clinics) and business associates (including CSPs and SaaS vendors handling PHI on their behalf) that fulfill the requirements set forth by HIPAA. Compliance goes beyond the features of any single piece of software: it includes the ongoing mechanisms, such as risk analysis, workforce training, policies and procedures, business associate agreements and breach response, that must be in place and maintained over time.
Three Parties Involved in a Software Purchase
To clarify further, you need to understand that there are usually three parties involved in a modern software purchase. These are:
- Your Organization: This is the "Covered Entity" under HIPAA, the organization that creates, receives, maintains or transmits PHI and is ultimately responsible for protecting it.
- Cloud Service Provider: This is a "Business Associate", because it stores or processes PHI on your behalf. HHS guidance treats a CSP that stores ePHI as a business associate even when the data is encrypted and the CSP holds no decryption key, so a signed Business Associate Agreement (BAA) is required before any PHI is placed in the cloud.
- Software Vendor: These vendors deploy (install) their software in your own environment, either in your tenant at the CSP you choose or in your on-premises datacenter. They are not business associates as long as they never access your organization's PHI; if the vendor has remote support or maintenance access that exposes PHI, it becomes a business associate and needs a BAA. Vendors that sell their product as SaaS are business associates, because they store and manage your data in their own cloud tenant.
Here is a diagram that clarifies the concepts HIPAA-ready and HIPAA-compliant.
It's important to note that not all software purchases involve a CSP, as some are on-premises deployments. In that case, your organization is responsible for implementing the compliance controls at the infrastructure and storage layer itself (physical security, encryption, backups, access control and audit logging).
For SaaS purchases, it's important that the software vendor signs a BAA with you, stores data in a datacenter that is operated under HIPAA-compliant controls, and has its own BAA in place with any CSP it uses as a subcontractor.
HIPAA Compliance Certification – What is that?
You might have come across the term "HIPAA Certifications". These are usually third-party attestations or self-declarations by CSPs or software vendors to show that they provide the capabilities that make it easier to meet HIPAA compliance requirements. They can save covered entities considerable time when evaluating software implementations.
However, the Department of Health and Human Services does not operate an official HIPAA certification program and does not endorse any third-party certification. This is because compliance is not a one-time event where you pass a certification and are done. It is an ongoing process in which your organization regularly assesses security risks, implements measures to protect PHI, and documents both; the Security Rule specifically requires periodic risk analysis. A vendor's certification is useful evidence during your own due diligence, but it does not transfer compliance to you.
HIPAA Compliant Video Streaming and Management
If your healthcare organization is looking for a platform to manage video content while fulfilling HIPAA compliance, then do explore our software, VIDIZMO.
VIDIZMO can be deployed in your on-premises datacenter, or in your own tenant at the CSP of your choice (Azure or AWS, in their commercial or government clouds).
VIDIZMO EnterpriseTube allows you to create a secure, YouTube-like platform for your organization to manage and share video content internally. Do check out the HIPAA feature checklist for video platforms to learn what makes our software HIPAA ready.
You could also visit our website to learn more about how VIDIZMO can be used as a healthcare video solution.
Or you could contact us and our team would be happy to assist.