HIPAA Compliance Q-A
Q: What do IT circles mean when they refer to HIPAA compliance?
A: When IT circles refer to HIPAA compliance, they usually mean HIPAA Title II.
The Health Insurance Portability and Accountability Act (HIPAA), signed into law by Bill Clinton in 1996, is the US legislation that provides data security and privacy for safeguarding medical information. HIPAA’s Title II requires healthcare organizations to implement secure electronic access to health data and to remain in compliance with privacy regulations set by the U.S. Department of Health and Human Services (HHS).
Find more information on HIPAA here
Q: Should our organization comply with HIPAA?
A: Only “covered entities” are bound by the privacy standards.
The following entities, collectively called “covered entities”, are bound by HHS privacy standards: health plans, health care clearinghouses, and health care providers who conduct certain financial and administrative transactions electronically. The law does not give the US government the authority to regulate other types of private businesses or public agencies (e.g. life insurance companies, public agencies that deliver social security or welfare benefits, etc.). However, if a covered entity contracts with another organization that accesses the protected health information, the latter falls under the “business associate” definition according to HIPAA.
Q: Is a software provider considered to be a “business associate” according to the privacy standards?
A: If the software provider does not have access to the protected information, no business associate relationship arises.
According to the HHS, “the mere selling or providing of software to a covered entity does not give rise to a business associate relationship if the vendor does not have access to the protected health information of the covered entity. If the vendor does need access to the protected health information of the covered entity in order to provide its service, the vendor would be a business associate of the covered entity.”
Q: Does WorkTime access the protected health information?
A: No, WorkTime employee monitoring software neither needs nor has access to secure and sensitive health information in order to provide its service.
The HIPAA Privacy Rule focuses on limiting the use and disclosure of sensitive personal health information (PHI), whereas WorkTime products neither access nor collect or transfer any patient PHI. WorkTime components are installed on the customer’s computers/servers, and all the information recorded by WorkTime Corporate is also located on the customer’s computers/servers.
Moreover, WorkTime products are intended for performance monitoring, not for spying. WorkTime employee monitoring software supports no spying functionality that might infringe on employees’ privacy. All the information recorded is intended for employee performance monitoring only. Read more here: Technical Specifications of WorkTime Corporate
This article provides general information only. This information is for general understanding only and is not to be used as legal advice. To receive professional legal advice, please consult your lawyer.
By WorkTime employee monitoring software www.worktime.com