The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law whose Privacy Rule and Security Rule require covered entities (health plans, health care clearinghouses, and health care providers that transmit health information electronically) and their business associates to protect the privacy and security of individually identifiable health information, known as protected health information (PHI). HIPAA is not a general employee-records statute: employment records held by a covered entity in its role as an employer are excluded from the definition of PHI, and an employer is bound by the rules only where it acts as a health plan or other covered entity.

Any health care provider that electronically transmits claims, remittances, eligibility inquiries, or other standard transactions is a covered entity and must comply with the HIPAA rules, as must any business associate (for example an IT service provider) that creates, receives, maintains, or transmits PHI on its behalf.

The Security Rule specifies a series of administrative, physical, and technical safeguards that covered entities and their business associates must use to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI).

Examples of PHI:

Under HIPAA's Safe Harbor de-identification standard (45 CFR 164.514(b)), health information that is linked to any of the following 18 identifiers of the individual, or of relatives, employers, or household members of the individual, is PHI and must be treated with special care:
•Names
•Geographic subdivisions smaller than a state (street address, city, county, precinct, ZIP code)
•All elements of dates (except year) directly related to an individual, such as birth, admission, discharge, and death dates, and all ages over 89
•Telephone numbers
•Fax numbers
•Email addresses
•Social Security numbers
•Medical record numbers
•Health plan beneficiary numbers
•Account numbers
•Certificate/license numbers
•Vehicle identifiers and serial numbers, including license plate numbers
•Device identifiers and serial numbers
•Web Universal Resource Locators (URLs)
•Internet Protocol (IP) addresses
•Biometric identifiers (e.g. retinal scans, fingerprints, voice prints)
•Full-face photographs and comparable images
•Any other unique identifying number, characteristic, or code

Questions and considerations to help you determine whether your IT infrastructure is HIPAA compliant:
•What operating systems do you use at the office, and are they still supported by the vendor?
•How do users log on to their computers? Does each user have a unique account, as the Security Rule's unique user identification standard requires?
•What antivirus program do you use, and is it kept up to date on every machine?
•How often do you apply patches and updates?
•What do you use for email?
•Do you ever send PHI by email, and do you want to do so in the future? If so, how is it encrypted in transit?
•Do you have Wi-Fi? If so, how is it secured?
•Do you carry PHI offsite on any type of media, from laptops to USB drives, and is that media encrypted?
•Do you have servers, and if so, what are they used for and who can access them?
•Do you have a web site? If so, is there any patient interaction with it (forms, portals, appointment requests)?
•What kind of backup solution do you use, if any, and have you tested restoring from it?

If, on reviewing these questions, you are unsure of an answer or cannot show how the corresponding safeguard is documented and enforced, there is a substantial chance that your infrastructure is not in compliance with HIPAA.

TechForce HIPAA IT Infrastructure Services:
•Free assessment of IT infrastructure
•Report of findings and identification of known exposure points
•Compliance consultation identifying TechForce Technology's technical approach to assist you with IT infrastructure compliance
•Determination of next steps towards IT infrastructure HIPAA compliance