Fluency HIPAA and HITECH Overview
Fluency enables entities and their associates to leverage the secure Fluency environment
to process, maintain, and store protected information. Fluency supports
the HIPAA and HITECH regulations and can sign HIPAA Business
Associate Agreements (BAAs) with customers. Fluency works hard to maintain its ongoing
investment in enterprise security, compliance, and control for its customers.
What are HIPAA, the HITECH Act, and the final HIPAA Omnibus rule?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996.
It is a federal mandate that requires specific security and privacy protections
for Protected Health Information (PHI). More information about HIPAA can be found
here: http://www.hhs.gov/ocr/privacy/index.html
HIPAA was expanded by the Health Information Technology for Economic and Clinical
Health (HITECH) Act, which was signed into law in 2009. HITECH was implemented to
promote the adoption and meaningful use of health information technology in the
U.S.
In 2013, the final HIPAA Omnibus rule set further statutory requirements, which
greatly enhanced a patient’s privacy rights and protections, including holding all
custodians of Protected Health Information (PHI) — including HIPAA Business Associates
(BA) — subject to the same security and privacy rules as Covered Entities under
HIPAA.
How does Fluency facilitate HIPAA compliance for its customers?
The Fluency environment meets the obligations required by HIPAA, HITECH, and the
final HIPAA Omnibus rule.
Fluency has a standard BAA we present to customers for signature. A signed BAA should
be in place prior to storing any Protected Health Information (PHI) in the Fluency
environment.
Customers are also responsible for enforcing policies in their organizations to
meet HIPAA compliance.
Is Fluency HIPAA-Certified?
There are no official government or industry certifications for HIPAA compliance.
In order to support HIPAA compliance, Fluency has reviewed the HIPAA regulations
and updated its product, policies and procedures to support customers in their
need to be HIPAA compliant.
How does Fluency support HIPAA compliance within its product and platform?
In addition to being able to sign HIPAA Business Associate Agreements (BAAs), Fluency
has the following features in its product as well as organizational policies:
- Data encryption in transit and at rest
- Restricted physical access to servers
- Strict logical system access controls
- Configurable administrative controls available to the customer to:
  - Grant explicit authorization to customer files to read, download, edit, lock and
    password protect files
- Reporting and audit trail of account activities on both users and content
- Training of employees on security policies and controls
- Employee access to customer data files is highly restricted
- Greater than 99.5% uptime SLA
What types of customer and administrator controls does Fluency have that are relevant
to HIPAA requirements?
- Controls to provide reasonable assurance that only authorized individuals from the
user entity are granted the ability to access, modify, and delete information from
the application.
- Controls to provide reasonable assurance that the user entity’s method for accessing
the application is configured with proper logical security protocols.
- Controls to provide reasonable assurance that the confidentiality of the user entity’s
sensitive information is not compromised by its users.
- Controls to provide reasonable assurance for defining and granting access to users
permitted by the user entity.