Before You Sign: 4 Extremely Important Questions to Ask Your HIPAA Provider

The Health Insurance Portability and Accountability Act (HIPAA) makes it easier for workers to get and keep health insurance coverage, but it also adds several layers of complicated regulations to insurance agreements. This is especially true as the methods of communication and information storage evolve in health care and business marketplaces. Before you sign a coverage agreement with a HIPAA-compliant provider, you should look into the specifics of how they operate, so you can avoid expensive problems and breaches of security.

Is the Provider 100% HIPAA Compliant?


Image via Wikimedia Commons by Compliance and Safety LLC

While it’s almost certain that hosting companies for health insurance providers are regularly audited for HIPAA compliance, some aspects of the provider’s information transmission and storage procedures may go unchecked. Many providers are still in the process of adopting cloud storage techniques for customer information, so not all providers submit this virtual data to HIPAA audits.

In addition to standard HIPAA compliance, inquire into your provider’s understanding of the Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH ensures comprehensive compliance, even for information stored using new methods that may otherwise be vulnerable to data mismanagement.

Does the Provider Accept Independent Audits?

Any health insurance hosting provider that claims confirmed HIPAA compliance should be happy to allow an independent audit of compliance by a third party. If you want to send in your own auditor to determine compliance, the provider should permit a full examination of its practices.

A provider that doesn’t allow independent audits or only allows partial audits by an auditor of your choosing may not be truly HIPAA compliant. As with your initial inquiry into the provider’s compliance, any independent audit should include both standard practices and any HIPAA hosting systems they employ.

What Privacy Procedures Do You Use for PHI?


Image via Wikimedia Commons by Phillipe Belet

One of the most important aspects of HIPAA compliance is the confidentiality of Protected Health Information (PHI). PHI includes a patient’s medical treatment documentation, payment history, identification records, and other sensitive information. All hosting providers that are compliant with HIPAA and HITECH should have concrete procedures in place to keep PHI secure. These include:

  • A private firewall with Virtual Private Network (VPN) protection
  • Standardized data encryption of PHI
  • Separation of information across multiple databases

What is Covered by the Provider’s BAA?

A Business Associate Agreement (BAA) is an indispensable part of any insurance coverage contract. The BAA should specifically outline that PHI is protected, how it is protected, and how the provider responds to breaches of data privacy. This not only puts these protections in writing, it also demonstrates that the provider understands the full extent of its responsibilities and how to fulfill them. Without a BAA and the readiness it describes, PHI is at risk of breaches from multiple sources: within the provider’s company, by its competitors, and through any subcontractors it employs.

HIPAA-compliant health insurance providers face a complex series of regulations amid a changing technological landscape. For businesses and health care providers, the best insurance hosting providers are the ones that demonstrate a thorough understanding of their responsibilities and the methods necessary to keep PHI secure.
