What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
The U.S. Department of Health and Human Services (HHS) published the HIPAA Privacy Rule in December 2000, which was later modified in August 2002. This Rule set national standards for the protection of individually identifiable health information. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).
HHS published the HIPAA Security Rule in February 2003. The Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans).
The Office of Civil Rights (OCR) administers and enforces the Privacy Rule and the Security Rule. Other HIPAA Administrative Simplification Rules are administered and enforced by the Centers for Medicare & Medicaid Services.
The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.
All of the HIPAA Administrative Simplification Rules are located at 45 CFR Parts 160, 162, and 164. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.
View the combined regulation text of all HIPAA Administrative Simplification Regulations found at 45 CFR 160, 162, and 164.
Are 365 Data Centers colocation facilities HIPAA compliant?
Yes, 365 Data Centers is compliant with the relevant sections of the HIPAA Security Rule across 100% of its colocation facilities. A-lign, a third-party auditor, conducted a HIPAA assessment of 365 Data Centers’ compliance with the HIPAA Security Rule for the Administrative Safeguards, Technical Safeguards, Organizational Safeguards, Policies and Procedures and Documentation Requirements, and Physical Safeguards.
A-lign concluded that 365 Data Centers had implemented the policies, procedures, and safeguards in compliance with the relevant sections of the HIPAA Security Rule. Additionally, A-lign concluded that 365 Data Centers had implemented the appropriate breach reporting procedures as required by the Health Information Technology for Economic and Clinical Health (“HITECH”).
The scope of the assessment included 365 Data Centers’ colocation facilities in: Buffalo, NY; Chicago, IL; Cleveland, OH; Detroit, MI; Emeryville, CA (includes managed hosting services); Indianapolis, IN; Nashville, TN; New York, NY; Philadelphia, PA; Phoenix, AZ; Pittsburgh, PA; VA; San Jose, CA; St. Louis, MO; and Tampa, FL.
How does HIPAA certification benefit our customers?
365 Data Centers’ compliance with the relevant sections of the HIPAA Security Rule enables covered entities, such as health care providers, health plans, and health care clearinghouses, to accelerate their compliance with HIPAA requirements to protect the privacy and security of health information.
Covered entities would engage 365 Data Centers as a Business Associate to help them carry out their health care activities and functions. Upon request, 365 Data Centers will provide a written Business Associate Agreement (BAA) that demonstrates our specific HIPAA compliance with the Security Rule’s requirements.
Are 365 Data Centers’ HIPAA audit reports available to review?
Yes, 365 Data Centers’ HIPAA audit report is available to customers and qualified prospective customers and partners upon request. Please contact us for more information or to request a copy of our HIPAA audit report.
Will 365 Data Centers provide a signed HIPAA Business Associate Agreement?
Yes, 365 Data Centers will provide a written Business Associate Agreement (BAA) to covered entities upon request. Please contact us for more information or to request a written BAA.