Inovonics HIPAA Compliance

A growing number of healthcare providers are using cloud services to process, store, and transmit protected health information (PHI).

Inovonics enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure Inovonics cloud environment to process, maintain, and store protected health information.

To learn more, reference the Q&A section below:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is legislation that is designed to make it easier for US workers to retain health insurance coverage when they change or lose their jobs. The legislation also seeks to encourage electronic health records to improve the efficiency and quality of the US healthcare system through improved information sharing.

Along with increasing the use of electronic medical records, HIPAA includes provisions to protect the security and privacy of protected health information (PHI). PHI includes a very wide set of personally identifiable health and health-related data, including insurance and billing information, diagnosis data, clinical care data, and lab results such as images and test results. The HIPAA rules apply to covered entities, which include hospitals, medical services providers, employer-sponsored health plans, research facilities, and insurance companies that deal directly with patients and patient data. The HIPAA requirement to protect PHI also extends to business associates.

The Health Information Technology for Economic and Clinical Health Act (HITECH) expanded the HIPAA rules in 2009. HIPAA and HITECH together establish a set of federal standards intended to protect the security and privacy of PHI. These provisions are included in what are known as the “Administrative Simplification” rules. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.

For more information about how HIPAA and HITECH protect health information, see the Health Information Privacy webpage from the US Department of Health and Human Services.

There is no HIPAA certification for a cloud service provider (CSP) such as Inovonics. However, Inovonics is HIPAA compliant. Inovonics has worked with a third-party firm to develop and implement policies and procedures to ensure compliance with all current HIPAA rules and regulations.

Under the HIPAA regulations, cloud service providers (CSPs) such as Inovonics are considered business associates. The Business Associate Agreement (BAA) is an Inovonics contract that is required under HIPAA rules to contractually ensure that Inovonics appropriately safeguards protected health information (PHI). The BAA also serves to clarify and limit, as appropriate, the permissible uses and disclosures of PHI by Inovonics, based on the relationship between Inovonics and our customers, and the activities or services being performed by Inovonics.

Yes. Inovonics strictly adheres to all HIPAA rules and regulations and can sign a standard Business Associate Agreement (BAA) upon review and approval of executive staff.