HIPAA: Responsibilities of a Data Center
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, directs federal protection of data related to the health sector. Assurance of data center compliance is of utmost importance as the business associates working in tandem with these centers could be held responsible for shortcomings.
The Department of Health and Human Services and the Office of Civil Rights for PHI (protected health information) act as effective collaborators in enforcing HIPAA and in imposing fines and penalties on parties found falling short of the procedures laid down.
An overview of HIPAA
The HIPAA Security Rule protects electronic information relayed in the health sector, ensuring the protection of confidentiality, integrity and availability to relevant units. The key responsibilities of business associates are obscure in certain areas though their primary role as covered entities holds considerable relevance.
Data centers and HIPAA
Safeguarding electronic data associated with health information received, transmitted, created or maintained by or on behalf of covered entities is the primary concern of HIPAA. Thus, data centers are required to have arrangements in place, administrative, technical and otherwise, to ensure compliance with the Act. Data center documentation, procedures, policies, audits, etc. all need to follow the norms laid down by HIPAA.
Key responsibilities of data centers
Data centers are facilities that assist in the processing of information. Data content or electronic data related to the health industry is governed by HIPAA among other data compliance rules and acts. Implementing the laid-down regulations and complying with data security measures are therefore part of a data center’s core responsibilities, which include:
- Adhering to administrative safeguards
- Setting up of physical safeguards
- Ensuring technical safeguards
- Fulfillment of organizational requirements
- A strong Business Associate Agreement
- Architecture that complies with HIPAA
These key responsibilities outline a data center’s role with regard to HIPAA. Protection and security of health-related information and adherence to the privacy rules put forth by the Act help data centers as well as related business associates fulfill control standards, thus avoiding penalties and fines.