Compliance: HIPAA

Health Insurance Portability and Accountability Act

The federal government enacted the Health Insurance Portability and Accountability Act (HIPAA), Public Law 104-191, in 1996 to improve the security and efficiency of the healthcare system. HIPAA sets standards for the electronic exchange of healthcare data, regulates the security and privacy of personally identifiable healthcare information, and requires providers to use national identification systems for healthcare patients, providers, payers and employers. HIPAA rules were designed to encourage adoption of secure Enterprise Content Management (ECM) practices in the healthcare industry.

Healthcare Impact

Healthcare providers must adopt national standards for electronic healthcare transactions. The Privacy Rule requires companies to protect and track disclosures and remove PHI from records before they are shared. The Security Rule outlines administrative, physical and technical safeguards for electronic PHI. Although the most burdensome deadlines passed in 2003 and 2005, recent reports state that many companies are still struggling with compliance. Noncompliance can result in civil penalties of up to $25,000 per violation and criminal penalties of up to $250,000 and 10 years in prison.


About 545,000 entities make up the healthcare industry. Healthcare providers, insurance companies and anyone who handles medical information must comply with HIPAA regulations. This includes employers and everyone who collects or has access to Protected Health Information (PHI).

Healthcare IT priorities continue to concentrate on:

  • Data security for patient privacy and confidentiality
  • Compliant disclosure processes
  • System activity monitoring and disaster recovery

ECM Enables HIPAA Compliance

ECM technology provides document and system security that serves as a means for unified compliance and operational efficiency. Many hospitals, doctors' offices and other companies use InfoStore's solutions to address HIPAA privacy and security regulations. InfoStore ECM services are affordable, easy-to-integrate systems that also help healthcare companies reduce records management costs and enhance productivity.

Data Security for Patient Privacy and Confidentiality

Healthcare providers must ensure the confidentiality, integrity and availability of all electronic PHI created, received, maintained or transmitted. ECM systems must be protected from intrusion, and companies must create procedures for clearly identifying those who need access to protected information. InfoStore provides the tools to address these compliance concerns.

  • 256-bit AES data encryption can occur both during transmission and while data is stored, protecting PHI at every step.
  • Login security settings require all session activity to come from the original login, and additional security protects the flow of information over public networks.
  • Extensive security settings allow you to restrict access by project, document and index field to ensure doctors and billing processors view only the information necessary for the task.

Compliant Disclosure Processes

HIPAA regulations require healthcare providers to track and document all disclosures of PHI to any internal or external party. De-identification requires companies to strip all PHI from a document before it can be shared. Healthcare providers use disclosure tracking technologies to enforce strict policies and procedures for sharing patient information.

  • Redaction hides PHI to de-identify records and protect patient privacy when a document is shared.
  • Enhanced auditing restricts information sharing to a pre-approved list of recipients and records every disclosure, including who received information, when and how.
  • Document grants allow secure, temporary, web-based information access for external parties, such as insurance providers and outside practices.

System Activity Monitoring and Disaster Recovery

HIPAA requires companies to identify data backup methods and review operations routinely to identify potential security violations. Healthcare providers must ensure information has not been changed or erased in an unauthorized manner. Extensive security settings, system reporting features and disaster recovery tools are all at your fingertips with InfoStore HIPAA-compliant ECM solutions.

  • The system tracks all user activity, including successfully completed, attempted or suspicious activities, such as trying to open protected records without security clearance.
  • Unalterable logs show who accessed which pieces of information and provide documented evidence of HIPAA controls.
  • Backup processing and data replication ensure information availability.

DISCLAIMER: This document is for informational purposes only; InfoStore is not liable for errors, omissions or inadequacies. Please consult an appropriate compliance expert to understand your needs. This information is subject to change without notice.

Partnering with InfoStore means experience.

InfoStore has been a provider of innovative and proven solutions to the Cleveland, Ohio and northeast Ohio area for over 100 years. Contact the experts at InfoStore now for a no-obligation education information management quote.
