Compliance Solutions: HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) affects most organizations that provide or support healthcare, or that transact business with other health-related organizations. As a result, HIPAA affects employers, financial institutions, information technology outsourcing vendors, and ISPs.
HIPAA is intended to ensure the privacy and confidentiality of personal health information, and its privacy rules apply to healthcare payers, providers and clearinghouses that qualify as “covered entities” (CEs). Under HIPAA, the owner of the data in an outsourcing relationship must require the service provider (known as a “business associate” under HIPAA regulations) to maintain the confidentiality of the information.
Of the five major parts comprising HIPAA, the Administrative Simplification Act most affects Information Technology systems. The Administrative Simplification Act calls for industry standard electronic data interchange (EDI) combined with stronger security standards that will ultimately guard against fraud, abuse, and eliminate unauthorized use of healthcare information.
It is important to note that there is no true HIPAA hosting certification, but there are stringent guidelines that have to be met. Still, without a benchmark, compliance with the security and privacy rules is open to interpretation. Logicworks maintains a SAS 70 Type II audit and exercises the utmost diligence in the evaluation and implementation of processes, policies, and systems. LogicOps, our asset management and tracking system, provides detailed, auditable documentation of all activity related to your account at Logicworks.
HIPAA-Compliancy Overview
HIPAA-compliant hosting requires that Covered Entities, such as HMOs, group health plans, etc., meet certain standards. While the onus is on the healthcare organization to meet the listed requirements, Logicworks provides an infrastructure that helps clients comply with HIPAA’s newest “Security Rule”. In this combined approach, the client provides the methodology for compliance and Logicworks provides compliant hosting and database services, which makes it a cost-effective route to compliance.
A HIPAA-compliant solution must meet all of the following criteria:
- Identification & Authentication: the process of correctly identifying and authenticating users.
- Authorized Privileges & Access Control: the process by which authorizations or privileges are granted to users.
- Confidentiality: access controls have to ensure that there is no accidental or unauthorized disclosure of data (encryption).
- Integrity: measures to ensure that data does not get unintentionally or maliciously altered.
- Accountability: tracking the actions or behaviors of users (auditing; how data is accessed).
HIPAA's Security Rule
The HIPAA Security regulations apply to protected health information that is electronically maintained or used in an electronic transmission. Their requirements are divided into administrative, physical and technical safeguards. These safeguard categories are further divided into standards and implementation specifications that provide instructions for implementing the components of the three categories. The standard aims to ensure the integrity and availability of electronic protected health information (PHI). As such, the Security Rule addresses issues such as data backup, disaster recovery and emergency operations.
Additional Compliance Opportunities
In an effort to substantially ease the deployment of and transition to HIPAA compliance, Logicworks is partnered with Oracle and Microsoft, companies that provide software to meet the auditing and authentication needs of HIPAA-compliant environments. Logicworks is particularly well-equipped to support the regulatory-compliant database systems from both vendors through Logicworks’ own managed database services.
Both Oracle 10g/11g and Microsoft SQL Server 2005 have security and encryption features to safeguard information contained within databases. It is now possible to shield confidential data from DBAs and server administrators without impacting the efficiency of the day-to-day tasks they perform.
Therefore, aside from being able to supply a compliant infrastructure, Logicworks is also ideally equipped to maintain Covered Entities’ data integrity.
Regulatory compliance and the associated security guidelines can be a web of confusing acronyms and requirements, but a good vendor should be able to explain how these regulations apply to your business and how to build a compliant solution within your budget. The engineers at Logicworks have been guiding our clients through these types of challenges for over fourteen years. If you are looking for a PCI- or HIPAA-compliant hosting environment, contact our sales department and we will be happy to discuss the specific needs of your business and make a recommendation.