The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance. Covered entities (anyone providing treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations) must meet HIPAA compliance requirements.
What HIPAA means for Zadara Storage
Zadara is considered a HIPAA Business Associate under the above definition. There is no HIPAA certification for a service provider such as Zadara Storage.
Zadara is a HIPAA-compliant hosting provider, as it has the needed administrative, physical, technical and privacy safeguards in place, according to the U.S. Department of Health and Human Services:
- Administrative Safeguards - a collection of policies and procedures that govern the conduct of the workforce and security measures.
- Physical Safeguards - policies and procedures to limit physical access to electronic information systems and the facilities in which they are housed, and to ensure their availability in an emergency.
- Technical Safeguards - policies and procedures for electronic information systems to allow access only to those persons or software programs that have been granted access rights. Access should be monitored and periodically audited to ensure that it is accurate and up to date.
- Privacy Safeguards - policies and procedures for electronic information systems to protect the privacy of the data subjects (primarily pertaining to covered entities).