background image

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act) is an act that determines the methods that the organizations that work with protected health information (PHI) should follow when recording, managing, storing and disclosing such information. PHI can include different types of data related to the medical condition of the patient, such as the past, present or future physical health or condition of an individual, healthcare services provided to a patient and billing information. 

In genearal, PHI can be found in a big variety of documents, such as MRI or X-ray results, prescriptions, blood tests, medical records etc.

Which organizations should be HIPAA compliants?

The need for a company to be a HIPAA compliant can depend on many different factors, you can learn about it in more detail on the official website of the HHS. To put it simply, a company that works directly with patient's PHI should be HIPAA compliant. 

Is ElectroNeek a HIPAA compliant?

Formally, ElectroNeek is not a HIPAA compliant at the moment. But ElectroNeek does not need to. The need to comply with HIPAA methods belongs to those companies that work directly with PHI. ElectroNeek, in turn, does not interact with the PHI directly, does not store the PHI on its servers, does not collect or transfer the PHI directly.

The question may arise if, say, a Managed Service Provider is going to interact with such type of data through, say, an OCR engine. But in that case ElectroNeek provides a direct connector to the engine. ElectroNeek does not save the data on its server so the question of compliance with HIPAA lies on the engine's shoulders and on the shoulder of the MSP depending on the business process.

At the same time, we completely understand the importance of being a HIPAA certified company and the influence of having such status formally on the decision making process for MSPs. We are already taking all the necessary steps to become HIPAA certified.

However, the formal absence of the HIPAA certificate should not be treated as a blocker for MSPs.