June 4, 2015

Beware of HIPAA Ready Vendors!

Kris Gösser

Datica Alumni — Former Chief Marketing Officer

In a world where technology, healthcare, and business are all integrated, a thorough understanding of semantics is critical, especially when PHI (protected health information) is at risk. No matter what your relationship with HIPAA may be, knowing the difference between being HIPAA ready and HIPAA compliant could spare you some big risks and some even bigger costs.

A general rule of thumb is to be very chary when providers of hosting platforms claim to be “HIPAA ready” or “HIPAA certified”; preferably target potential business partners that are “HIPAA audited” or “HIPAA compliant.” Just about any technology can be considered HIPAA ready, but what do vendors really mean when they say that? All that being “ready” affirms is that the scope of your audit is extended to include those components. This will require your internal information security team to approve the system architecture in comprehensive detail prior to commencement, which will delay, or even prevent, the launch of your program.

On the other hand, Datica, a proven and audited HIPAA compliant platform, is healthcare’s trusted service in digital health for a reason. Our customers use our audit reports, policy page, and HIPAA mappings as the foundation of their compliance programs. With a HIPAA ready platform service, any reliance you might place in that provider is undermined from the very beginning.

At Datica, we have taken on the burden of compliance (policies, procedures, audits, technology, training, etc.) so our customers can focus on what they do best. Our documentation is even used as evidence for auditors to prove certain qualifications of HIPAA. These benefits of authentic HIPAA compliance are lost when you fall into the wordplay trap that these HIPAA ready hosting services and platforms advertise.

In this day and age, a critical mistake that healthcare organizations make with regard to HIPAA is assuming that compliance is as simple as implementing security tools to prevent PHI breaches, or implementing assessment procedures that can potentially catch problems before they turn into incidents. Although HIPAA is a regulation that can be complex and difficult to fully grasp, there is one thing that should be commonly understood:

Just because you’re HIPAA Ready does not mean that you are ready for HIPAA.
