June 25, 2017

Designed To Help With HIPAA Compliance Issues, Will The New Google Apps Business Associate Agreement Be Embraced By Small To Mid-Sized Healthcare Companies?

Will small to mid-sized healthcare companies embrace the opportunity of cloud security integration offered by the new Google Apps Business Associate Agreement? In a recent Google Apps update connected to the HIPAA Omnibus, Google announced the introduction of the new Google Apps Business Associate Agreement for healthcare companies looking to use Google Apps. The Google Apps Business Associate Agreement provides healthcare company support through the integration of Google Apps and help with HIPAA compliance issues. The focus of the agreement is to ensure network safety and security.

Google Apps Business Associate Agreement HIPAA Compliance

Since Zephyr Networks fully supports the use of Google Apps for our client companies, it is clear that this positive step by Google will allow healthcare companies to make a cleaner transition to the security and support of cloud-based applications. The goal of the Business Associate Agreement is to remove barriers for healthcare companies to adopt Google Apps and help with HIPAA compliance challenges.

What Zephyr Networks appreciates about this forward step is the focus on helping  small to mid-sized companies that use fewer Google App services. Despite their limited use, such usage truly can improve their productivity and ensure HIPAA compliance. The Google Apps Business Associate Agreement only applies to the following Google App services: Gmail, Google Calendar, Google Drive, and Google Apps Vault.

google apps business associate agreement, hippa security

Google Apps & HIPAA Security

From extensive experience with past healthcare clients, Zephyr Networks knows the usage of such Google Apps can go a long way toward helping a business adapt to the new HIPAA requirements. Google Apps offer cloud flexibility and remote access while being safe and secure. It is a perfect combination for small to mid-sized healthcare companies faced with the challenges presented by compliance to the new HIPAA Omnibus. 

Google Apps Business Associate Agreement Questions

To sign up for the Google Apps Business Associate Agreement, a health care company representative must answer three online questions about their business:

  1. Are you a covered entity (or business associate of a covered entity) under HIPAA?
  2. Will you be using Google Apps in connection with protected health information?
  3. Are you authorized to request and agree to a business associate agreement with Google for your Google Apps domain?

Zephyr Networks Believes In Google Apps

If the response to these questions are in the positive, the company representative will be taken to the online business associate agreement. Without question, this update is targeted specifically at small to mid-sized businesses. Most larger healthcare companies already will have adopted the usage of Google Apps and other security-oriented cloud strategies to deal with the HIPAA Omnibus. If you need help with Google Apps and the decision to sign up for the Google Apps Business Associate Agreement, please call Zephyr Networks toll free at (800) 884-7559 or fill out our handy contact form.

3 HIPAA Omnibus Rule Compliance Tips For Health Care Organizations

hipaa omnibus rule, compliance, zephyr networks

HIPAA Omnibus Rule & Compliance

With March 26 being the effective date of the HIPAA Omnibus Rule taking effect, the time for your health care company to contemplate possible compliance options practically is over.  What keeps your company from being in real trouble is that Sept. 23 is the actual compliance enforcement date. The HIPAA Omnibus Rule modifies the HIPAA privacy, security and enforcement rules as well as the HIPAA breach notification regulations. These changes are complex and detailed because they include both greater accountability and documentation requirements. Such requirements complicate the rush for an implementation plan. The solution may not be simple, but Zephyr Networks can point you in the right direction to accomplish the first steps.

3 HIPAA Omnibus Rule Compliance Tips

HIPAA Compliance Tip 1: Implementation

Numerous healthcare associations, Internet resources and consultants can help your company understand the HIPAA updates, what’s changed from the earlier versions of the HIPAA Omnibus Rule, and where the risks are to your company. How complicated the implementation plan is depends on how compliant your program is today with past HIPAA standards and rules.

Your health care organization should be able to use the HHS Security Framework as a baseline and develop a compliance program. Still, very few people in the health care industry have read the entire HIPAA Omnibus Rule. It is extremely lengthy so the best bet is to use the search feature of your PDF reader and look for “Final Rule.” Read and understand every section that starts with this heading. Make sure you have good policies, documentation, processes and controls in place to meet each standard. Zephyr Networks can help our clients with the network security procedures and IT needs that apply.

In addition, The National Institute of Standards and Technology offers numerous free guidelines for how to create and manage security programs, including a HIPAA Security Resource Guide and HIPAA Toolkit.

HIPAA Compliance Tip 2: Operational Compliance

The operational goal of every compliance program should be simplicity and universal application in the context of your company. Each compliance program can be measured against the metrics used by the Health and Human Services’ Office for Civil Rights in its HIPAA audit program protocol. Compare your program of processes, controls, policies and training against the 78 security, 81 privacy and 10 breach elements. If you believe there is a gap, you most likely have identified a risk. The IT experts at Zephyr Networks can aid you in this complex process.

HIPAA Compliance Tip 3: Ongoing Transition Plan

The rise in reporting of breach incidents combined with the new hefty fines should motivate your motivate your health care company to prioritize an ongoing transition plan. By working with a quality IT and network security provider like Zephyr Networks, you can help guarantee that the initial push becomes an ongoing part of your business model. When it comes to regulations as complex as the new HIPAA Omnibus Rule, one initial push is not enough. Your health care company has to focus on creating an ongoing transition plan that turns the initial shift into a part of your company’s inherent culture and technological approach . Implementation must evolve to become a normative state of being.

After all, your health care company’s goals in this compliance process of implementation is the same as the main goal behind the new HIPAA Omnibus Rule. Like the new rules that have expanded HIPAA, a big part of your company’s ultimate goal is to improve the quality, integrity, and confidentiality of your patient’s protected health information. Still, Zephyr Networks understands how intimidating compliance with the new HIPAA Omnibus Rule can be for any health care company or business. This is why the information technology experts and network security consultants at Zephyr Networks are available to help your health care company navigate these dangerous waters.