HIPAA Compliance With SmartLev

Understanding HIPAA Compliance

HIPAA, an acronym for the Health Insurance Portability and Accountability Act of 1996, is a crucial piece of legislation in the United States designed to protect the privacy and security of medical information. This federal law, enacted under the administration of President Bill Clinton on August 21, 1996, comprises five main sections, or titles, each addressing different aspects of healthcare information protection and insurance.

These sections are:

Title I: HIPAA Health Insurance Reform
Title II: HIPAA Administrative Simplification
Title III: HIPAA Tax-Related Health Provisions
Title IV: Application and Enforcement of Group Health Plan Requirements
Title V: Revenue Offsets

HIPAA Title II:

Under Title II, known as the Administrative Simplification provisions, HIPAA sets forth several compliance requirements, including:

National Provider Identifier Standard: Every healthcare provider, employer, health plan, and healthcare entity must obtain a unique 10-digit National Provider Identifier (NPI).

Transactions and Code Sets Standards: Healthcare organizations are required to utilize a standardized process for electronic data interchange (EDI) for the submission and processing of insurance claims.

HIPAA Privacy Rule: Officially titled the Standards for Privacy of Individually Identifiable Health Information, this rule creates nationwide standards for safeguarding patient health information.

HIPAA Security Rule: The Security Standards for the Protection of Electronic Protected Health Information outline standards for securing patient data.

HIPAA Enforcement Rule: This establishes protocols for investigating HIPAA compliance breaches.

The two requirements that apply to the relationship between SmartLev and the client (the Practice) are the HIPAA Privacy Rule and the HIPAA Security Rule. The details of each of these rules can be found here:

HIPAA Privacy Rule

HIPAA Security Rule

Smartlev Compliance

In the relationship between SmartLev and the client (the Practice), the Practice is considered the "HIPAA-covered entity," while SmartLev is a "HIPAA Business Associate."

Work with The Compliancy Group consultancy has been done to ensure that SmartLev is in full compliance with the HIPAA Privacy Rule and the HIPAA Security Rule so that we can enter into HIPAA Business Associate Agreements (BAA) with our clients.

Data Security Measures

SmartLev employs automatic encryption for all data before it's stored on our servers, ensuring data protection without the need for manual setup or configuration alterations. The data is automatically and transparently decrypted when read by an authorized user.

Our approach to server-side encryption includes the management of cryptographic keys by Google, leveraging robust key management systems with strict access controls and auditing. Both the data and metadata of each database object are secured using the 256-bit Advanced Encryption Standard, with encryption keys themselves being encrypted with a set of master keys that are rotated regularly.