Firmex is pleased to announce that it is now compliant with HIPAA / HITECH regulations, as assessed by Sword & Shield Enterprise Security.
TORONTO, ONTARIO (PRWEB) SEPTEMBER 19, 2014 –
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets the standard for protecting sensitive patient data in the U.S. Any company that deals with protected health information must ensure that all required physical, network, and process security measures are in place and followed.
- Covered Entities (CE): anyone who provides treatment, payment and operations in healthcare
- Business Associates (BA): anyone who has access to patient information and provides support in treatment, payment or operations. This also includes subcontractors (BAs of BAs).
The HIPAA Omnibus recently set further statutory requirements, specifying that all cloud storage companies used by CEs and BAs were subject to the same security and privacy rules under HIPAA. This includes Firmex.
Firmex has been verified as “compliant” under the Sword and Shield HIPAA Compliance Program. This is the highest of three levels assessed under the program, and confirms that we have implemented the necessary technical, physical and administrative “safeguards” (controls) to ensure compliance with the HIPAA Privacy, Security and Breach Notification requirements.
New rules set out at the beginning of 2014 require all CEs to have updated Business Associate Agreements in place with all BAs and third party vendors by 22 September, 2014. Failure to do so can result in hefty penalties of up to $50,000 per offence.
Clients using Firmex’s virtual data room platform to store electronic public health records must therefore sign a Business Associate Agreement (BAA) with Firmex. Clients are responsible for configuring Firmex in a HIPAA compliant manner and for enforcing policies in their organization to meet HIPAA compliance.