What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act. It's a set of physical, technical and administrative standards intended to secure the sharing of medical data – also known protected health information (PHI)
Why is Stitch HIPAA compliant?
In September of 2013, the Final Omnibus Rule Update was passed. It expanded the applicability of HIPAA from the traditional entities like hospitals and insurers to anyone who stores, manages or transmits
PHI. These entities are now called Business Associates. Stitch Technologies, Inc. signs a Business Associate Agreement with organizations and teams seeking HIPAA-compliance, which signifies the completion of requirements. Stitch is HIPAA compliant by offering both the necessary security measures and by signing a Business Associate Agreement (offered via subscription).
Do I need HIPAA compliance?
All Covered Entities need to be HIPAA compliant. A Covered Entity is anyone who provides treatment, payment and operations in healthcare. So, this includes clinics, hospitals, independent practices, home health agencies, pharmacies and insurance companies.
The fines for HIPAA violations can be pretty severe, up to $50,000 for a single incident. That’s why we’ve built Stitch. We want to provide a world-class communication experience where you don’t have to worry about security and can focus on what you do best: care for patients.
How does Stitch achieve HIPAA compliance?
We take security very seriously at Stitch. We know you’re relying on us to protect your patient data, so we use only the highest levels of security and strictest practices to secure your PHI. To help us do this, we use Aptible, a world-class HIPAA compliance deployment and management platform. Click here to see technical information on the Aptible security platform. We've also attached a summary of key technical documentation on the Aptible architecture to the bottom of this article.
Specifically, there are 4 HIPAA Rules that Stitch complies with to achieve the highest level of HIPAA compliance:
1. HIPAA Security Rule. This breaks down into three layers: physical, technical and administrative.
- Physical: This has to do with who can access PHI and how that access is controlled. Stitch is hosted with AWS, which provides much of the physical safeguarding
- Technical: This describes data transmission standards, auditing practices and authentication measures.
- Administrative: This mandates internal training, policies and procedures we implement to secure your patient data.
2. HIPAA Privacy Rule. This rule instructs on how to handle a data breach and disclose PHI to relevant individuals or parties.
3. HIPAA Enforcement Rule. This is where the penalties, investigations and procedures for violations are spelled out.
4. HIPAA Breach Notification Rule. This rule instructs us on how to handle a breach, including the timeline for notifying patients and/or other relevant parties depending on the size of the breach.
Attached is a summary of Aptible's compliance architecture.