HIPAA Compliance for Startups

HIPAA 101: Survival tips for startups beginning their journey in healthcare

What is it?

HIPAA is a set of guidelines that outline how patient information is

to be stored and transmitted.

What HIPAA stands forHealth Insurance Portability and Accountability Act

Legislation that provides guidance on how electronic patient health information can be stored and protected.

MedicationsClinical notesInsuranceBlood testsMRI scan, etc.

Uniquely IdentifiableInformation

NameEmailSocial security numberDriver’s licensePhotographs, etc.

Health Information

Security RulePrivacy Rule Enforcement RuleBreach Notification Rule

Main points about HIPAA

The Security Rule and the Privacy Rule

Security Privacy

Standards for the securing and transmission of healthcare information

Protection of individually identifying information (SSN, name, email, etc.)

The Enforcement Rule and the Breath Notification Rule

Enforcement Rule Breach Notification

Establishes how regulators will determine liability and calculate fines for

HIPAA violations

Requires entities to provide immediate notification to HHS if a breach affects

more than 500 patients

Who does HIPAA Apply to?

Covered Entities and Business Associates

Covered Entities

Doctors, Hospitals, Health Insurers, self-insured employers

Business Associates

A Business Associate is a vendor or subcontractor who has access to

health information

What are my responsibilities as a startup?

If you’re collecting or storing health information with covered entities, sign a BAA (Business Associate Agreement). This outlines procedures

for how you will protect health information and how you will respond in the event that there is a breach.

Almost there...

What if I violate HIPAA?

Fines can range from $100 to $50,000 per violation. Annual

maximum penalty for violations is $1.5 million per year.

How can I be compliant?

Accountable will help you remain compliant with the administrative aspects of HIPAA

HIPAA compliant hosting and healthcare integration with non-standard pricing

Train your employees on proper procedures to protect patient information

Produce your own BAA agreements together with policies and procedures for handling patient information

Can partner with vendors to speed up integration with EHR providers and hospitals

Developer-friendly and open-source resources for your BAA’s and technical documentation

How can I be compliant? Cont.

Simple HIPAA compliant hosting in the cloud with affordable pricing for startups

Pricing begins at $2,500 for their standard plan with higher prices for enteprise

Compliance training that is tailored specific to employee roles

Access to policies and procedures designed specifically for web and mobile apps in the cloud

Plenty of documentation for developers on HIPAA, and True Vault’s capabilities

Privacy and data insurance policy for customers

You made it!Our explainer is only a start, ensure that you’re always in compliance

and keep up with the latest changes to HIPAA and HITECH.

visit us at obaa.io

Obaa