RoseASP Hosted Dynamics

Avoiding HIPAA Violations with Dynamics Hosting Partners



While many hosters and managed services providers may claim to be HIPAA compliant, there is more to avoiding HIPAA violations than compliant databases and secure data centers.

Are you a Dynamics Partner? Ask about helping healthcare customers with HIPAA Cloud Services »

Dynamics Hosting Partners can help reduce HIPAA risk

HIPAA compliance in the cloud is extremely complex, and if a healthcare organization is reluctant to trust a third party with patient information, it is because it has not been assured that a potential cloud provider fully appreciates the high level of compliance requirements it faces. But Dynamics ERP customers who work in healthcare should not feel deterred from growing their business in the cloud. In fact, they can do so without sacrificing security and privacy by moving to the cloud through a HIPAA-qualified hosting partner.

HIPAA Business Associates and Dynamics Hosting:

In 2013 the HIPAA Omnibus Rule was enacted, which resulted in business associates carrying more of the compliance burden than ever. A business associate is any entity or person who handles private Protected Health Information (PHI) on behalf of a HIPAA covered entity. Service providers handling data for HIPAA covered entities and offering comprehensive compliance support must include a Business Associate Agreement as a standard component in all of their cloud offerings. Click to see an article on "What goes into a HIPAA BAA?" »

A Business Associate Agreement (BAA) is your guarantee that a cloud service provider will meet all HIPAA requirements. It also guarantees that all employees with access to protected data undergo annual HIPAA training. This training enables hosters to work with data, customers and auditors as qualified business associates. Providers who are truly committed to healthcare-related industries offer BAAs as standard practice.

2013 HIPAA Omnibus Rule and Dynamics Hosting

The HIPAA Omnibus Rule was enacted in March 2013.  It enforces and tightens laws already on the books and places significant burdens on business associates. HIPAA originally required covered entities to monitor business associate usage of protected information and to internally enforce protections.

Under the Omnibus Rule, BAs must now:

  • Develop policies and procedures for HIPAA
  • Train staff
  • Conduct risk analysis
  • Be subject to federal inspections
  • Monitor covered entities where a BA exists
  • Have BAAs with subcontractors
  • Be subject to the breach notification rule

Additional HIPAA Safeguards for Dynamics Hosting

While data security is a critical part of HIPAA compliance, it is just one piece. Many additional controls must also be in place to satisfy all of HIPAA’s requirements for technical, administrative and physical safeguards. In order to continue avoiding HIPAA violations, it is critical that tight controls around these safeguards are implemented, documented and maintained by the service provider, both internally in their offices and at the data center.

In order to offer HIPAA cloud services to covered healthcare organizations, a Dynamics ERP cloud partner must maintain comprehensive policies and procedures tailored for HIPAA requirements.  They also need to undergo semi-annual risk audits and prohibit any subcontractors from accessing protected information.

Takeaway

Dynamics healthcare customers should not be deterred from moving to the cloud or from implementing a hybrid solution to extend their existing Dynamics software. While HIPAA cloud compliance requires due diligence and tight controls, cloud-based healthcare management can be achieved without sacrificing security and privacy.

While not all providers are created equal, a true HIPAA hosting partner will help Dynamics healthcare customers improve security and privacy and improve processes around documentation, reporting and auditing to reduce the financial costs and time costs associated with HIPAA compliance processes.

RoseASP’s Dynamics healthcare hosting customers look to us as their trusted data custodians.  We maintain a robust array of safeguards to enable secure and HIPAA compliant hosting environments and services that meet or exceed compliance requirements for Dynamics customers. With more than 15 years of experience as a Dynamics ERP cloud services provider specializing in corporate finances, compliance and risk management, RoseASP is a true HIPAA Hosting Partner for Microsoft Dynamics ERP.

by RoseASP Hosted Dynamics
