Outsource Solutions for HIPAA Compliance

Posted by Chris Isham on January 7, 2016

Last February, President Obama signed into law the $19.2 billion Health Information Technology for Economic and Clinical Health (HITECH) Act to accelerate the process of digitizing electronic health records (EHR) in the United States. Under this law, hospitals and healthcare professionals who demonstrate “meaningful use” of a certified EHR by the year 2015 will become eligible to receive millions of federal dollars in incentive payments, and those who do not comply could be penalized. In addition, healthcare organizations must comply with related security and privacy requirements. This has proven both a powerful motivator and source of great concern for many healthcare professionals across the country.

While the benefits of adopting and implementing an electronic vs paper based system are numerous, the process comes with a set of costly and time consuming challenges. Lack of capital funding for equipment, manpower and training are second only to security concerns, and there’s also a fear that a return on investment is nowhere in sight. In addition, with software technology advancing at an extremely rapid pace there’s often a need for expensive and disruptive technology upgrades.

So where does this leave HIPAA regulated organizations who are on the countdown to 2015? Once a certified EHR solution has been implemented, the work does not end, as compliance is not an endpoint but rather an ongoing process. The good news is that instead of tackling ongoing data management, healthcare organizations now have the option to outsource this mission critical responsibility.

Annapolis-based IT outsource service provider, ByteGrid (https://www.bytegrid.com/), is leading this charge by offering compliant cloud hosting, managed hosting and colocation services to multiple biotech companies, HIPAA regulated organizations and government agencies. Unlike many Datacenters who incorrectly equate SAS70 certification with HIPAA compliance, ByteGrid's high capacity, state of the art Datacenter has implemented an industry leading Quality System that affords access to the latest technology, significant reductions in IT spending and most importantly, allows funding and resources to be focused on core businesses.

Many healthcare organizations find great benefit in subscribing to a Software as a Service (SaaS) model. With SaaS, or “software on demand,” organizations or companies contract with a SaaS vendor, such ByteGrid, to access applications over the internet via a “pay per use” subscription, rather than investing in the software themselves. This provides flexibility, scalability and significant cost savings.

It’s important to note that in order to understand if your SaaS vendor meets internal as well as regulatory requirements, an audit should be performed to better understand the business practices, past performance and regulatory adherence. A risk assessment, now required under HIPAA, will also point to critical areas of concern during the decision making process.