HIPAA is the US law that regulates how all healthcare information is used and shared. It applies to every type of health data: digital, hard-copy, even spoken conversations. HIPAA is a 'black box', a confusing morass of regulations and requirements that is anything but intuitive. To make matters worse, the majority of information about HIPAA compliance is written for medical providers and clinicians. For healthcare software companies, HIPAA compliance is critical. Healthcare customers want proof of HIPAA compliance and hackers will continue to push the limits to break your security and privacy, so it is important to stay ahead.
The headlines are filled with news of healthcare organisations, large and small, being levied significant fines for HIPAA violations. The loss of credibility and reputation from a data breach can be even worse for software companies, whose business depends on being trusted with health data. Whatever it costs to comply with HIPAA, the cost of non-compliance is always greater.
HIPAA enforcement has been ramping up over recent years. In addition to the official HIPAA enforcement agency, the Office for Civil Rights (OCR), changes to HIPAA introduced by the HITECH Act have given HIPAA enforcement powers to the Attorneys General of each of the fifty U.S. states. Although not officially tasked with enforcing HIPAA, the Federal Trade Commission (FTC) has also stepped in to investigate and prosecute technology companies whose claims about data privacy and security are misleading or false.
HIPAA can be an enormous burden for many software companies. However, HIPAA compliance is one of the best frameworks for building cloud applications that are as secure and as resistant to data breaches as possible. By setting very high security and privacy standards based on best practices, HIPAA helps protect health data and software companies' reputations. By requiring solid, time-tested security procedures that emphasise patient privacy, consumer rights and encryption, HIPAA helps ensure customer satisfaction. By requiring a written Business Associate Agreement with customers, vendors and partners, HIPAA clarifies the software company's roles, responsibilities and relationships.