(Gawkwire) – The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets the standard for protecting sensitive patient data in the U.S. Any company that deals with protected health information must ensure that all required physical, network, and process security measures are in place and followed.
The HIPAA Omnibus Rule introduced further regulatory requirements, specifying that cloud storage providers used by covered entities (CEs) and business associates (BAs) are themselves business associates and are subject to the same security and privacy rules under HIPAA. This includes Firmex.
Firmex has been verified as “compliant” under the Sword and Shield HIPAA Compliance Program. This is the highest of the three levels assessed under the program, and it confirms that we have implemented the necessary technical, physical and administrative “safeguards” (controls) to meet the HIPAA Privacy, Security and Breach Notification requirements.
Under the Omnibus Rule, all CEs must have updated Business Associate Agreements in place with all BAs and third-party vendors by 22 September 2014. Failure to do so can result in penalties of up to $50,000 per violation.
Clients using Firmex’s virtual data room platform to store electronic protected health information (ePHI) must therefore sign a Business Associate Agreement (BAA) with Firmex. Clients remain responsible for configuring Firmex in a HIPAA-compliant manner (for example, user access, permissions and document controls) and for enforcing the policies within their own organization that HIPAA compliance requires.
Clients who want to learn more about their obligations with Firmex under HIPAA are encouraged to contact their Account Manager or our Client Services Team.
Further information can also be found on the Firmex website.