HIPAA Compliance is the New Black: Tips for Tech Vendors

In today’s health IT climate, the future of completely virtualized care is imminent. From health records to the way patients interact with their providers, telehealth and its related services continue to shape the healthcare experience.

However, in this increasingly digital world, the path to security and ensuring that private health information (PHI) remains private continues to be a top concern. While building from a security-first design model and ensuring network session control — among other things — are important aspects to consider, HIPAA compliance is also a key factor for tech vendors looking to support digitally transforming healthcare organizations.

What follows is a deeper dive into why, as well as some tips for companies considering the road to HIPAA compliance, from Revation Director of Compliance and QA Ron McClintic.

Q: From an industry perspective, why is it important for tech vendors to be HIPAA-compliant?

Ron: If a significant portion of a company’s customer base is in healthcare or in a healthcare-related industry, HIPAA compliance is important because it needs to be able to ensure and prove that it is properly safeguarding any PHI data that passes through its system, or is retained in a database.

Further, if customers can integrate that company’s products and services into their larger solutions, they also need to be able to prove those larger solutions properly safeguard PHI.

Q: Does HIPAA compliance by a tech vendor add any extra value to a healthcare organization?

Ron: By achieving HIPAA certification, vendors can assist the healthcare organizations they support in building their own larger integrated solutions.

Additionally, for organizations required to maintain their own compliance certifications, a key element is ensuring that any business associates or vendors are also compliant. By proactively achieving HIPAA compliance on their own, tech vendors essentially make it easier for healthcare organizations to partner with them. This also provides a head start on their customers’ own compliance, rather than offloading it to the customers — which further drives health IT’s reach and influence.

Q: Are there any changes coming down the pipeline that companies should consider before pursuing compliance?

Ron: From a “big picture” perspective, not much is likely to change in terms of HIPAA standards for IT vendors in the next two years. However, since cyber threats are constantly evolving, there will undoubtedly be details of the standards that must evolve to keep up. Having said this, of course, the legislative element is always a wild card. Essentially, IT vendors in every space should always stay up to date on the latest security measures and precautionary steps. In healthcare, part of that means staying up-to-date on the latest HIPAA requirements.

Q: Do you have any tips for tech vendors looking to pursue HIPAA compliance?

Ron: Yes, HIPAA compliance needs to become part of the DNA of the company — which has several advantages:

• Ensuring compliance prevents problems, such as preventing a data breach.
• By making compliance an ingrained habit, preventing such problems becomes easier to accomplish.
• If there is a breach, the records from the measurement and management will be useful in the event of legal action.

Oddly enough, HIPAA’s delayed audit process has produced two conflicting outcomes for health IT deployments: some organizations used the delay time to become better prepared, while others used it to delay capital expenditures. Any company that was forward-thinking from a practical standpoint and engaged with the HITRUST certification process is well-positioned to pass any HIPAA audit. It comes down to the attitude of an organization’s leadership.

Modernize Communications with LinkLive Healthcare
Built with patient access best practices in mind, LinkLive Healthcare delivers a secure platform to measure, manage, and optimize communication channels.