What is HIPAA?
HIPAA, the U.S. Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. HIPAA's primary objectives are to ensure the portability of health insurance coverage for individuals, facilitate administrative simplification in healthcare transactions, and establish strict standards for protecting the confidentiality of patients' sensitive health data.
One key aspect of HIPAA is its Privacy Rule, which sets standards for safeguarding patients' personal health information (PHI) and gives individuals greater control over their health data. Covered entities such as healthcare providers, health plans, and healthcare clearinghouses must comply with these rules by implementing security measures, obtaining patient consent for certain uses of PHI, and ensuring that only authorized personnel have access to this information. The Security Rule further complements the Privacy Rule by requiring these entities to adopt measures such as encryption, access controls, and regular security assessments to protect electronic PHI from unauthorized access or breaches.
Below are some useful key terms:
Covered entity
A covered entity refers to specific types of organizations or entities that are subject to the regulations outlined in HIPAA's Privacy, Security, and Breach Notification Rules.
Business associate
A business associate refers to an individual or entity that performs certain functions or services on behalf of, or for the benefit of, a covered entity. Business associates are typically not part of the covered entity's workforce but have a business relationship that involves the use or disclosure of protected health information (PHI).
Business Associate Agreement (BAA)
Since business associates may have access to PHI, HIPAA extends its privacy and security obligations to them through written agreements called “business associate agreements” or “BAA”. Business associate agreements establish the legal requirements and expectations for how business associates will handle PHI on behalf of the covered entity. The BAA outlines the specific safeguards that the business associate must implement to ensure the confidentiality, integrity, and security of PHI. A BAA must be in place before the transfer of PHI from the covered entity to the business associate.
Atera and HIPAA
Atera has been working diligently to satisfy applicable HIPAA requirements and allows its Enterprise and Superpower Plan customers to enter into a Business Associate Agreement (BAA). It has also received its HIPAA Seal of Compliance from Compliancy Group. This verification validates Atera’s “good faith effort” to satisfy the HIPAA law and regulations and is a testament to our dedication to maintaining the highest standards of security and privacy.
If you are an Enterprise or Superpower Plan customer and need a signed BAA, please send a request to success@atera.com and our BAA will be sent to you for your signature.
To receive the Seal of Compliance Letter, please send a request to success@atera.com.