POMPANO BEACH, JULY 31, 2017 – If you work in any medical field, there are five letters burned into your brain: H-I-P-A-A. As part of the Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA, Congress mandated the enactment of federal standards to ensure that important and private health information remains secure. HIPAA took form through two different rules, both of which serve the purpose of properly handling protected health information (PHI).
The two rules are the Privacy Rule and the Security Rule, and organizations must abide by them to meet HIPAA standards. The Privacy Rule sets standards related to access to PHI by requiring appropriate safeguards, and it places limits on the use and disclosure of PHI without patient authorization. The Security Rule requires organizations to ensure the confidentiality, integrity and availability of PHI by identifying and protecting against reasonably anticipated threats to its security or integrity, and by protecting against reasonably anticipated, impermissible uses or disclosures.
CentralReach, a leader in cloud-based software for practice management and data collection for ABA practices and other therapy-based organizations, is focused on ensuring that they fully comply with the mandates of HIPAA. While they conduct an annual in-house audit and ongoing audits of new features, they don’t believe that this is sufficient. That’s why they recently completed their SOC 3 attestation report for their cloud security platform environment. Furthermore, CentralReach once again validated their HIPAA security-compliant environment through a separate audit report specific to HIPAA Security Rule compliance.
Both audits were completed by the independent auditing firm NDB (the principal member of the NDB Alliance of CPA firms). NDB confirmed that CentralReach maintained relevant effective controls over the security and privacy of their cloud-based platform holding personal health information, and the independent auditor’s report provides reasonable assurance that the CentralReach platform is properly protected against unauthorized access. This third-party oversight confirms CentralReach’s assertion that practices, policies and procedures meet the standards set forth by the AICPA for security, availability and confidentiality.
“Achieving SOC 3 Certification provides our thousands of therapy providers the assurance that they are using services that uphold the security standards their business and clients deserve, while also setting an example in the industry,” said Charlotte Fudge, co-founder and CEO of CentralReach.
Founded in 2012, CentralReach develops innovative technology and tools for therapy-based organizations in applied behavior analysis, early intervention, education, as well as speech, occupational, and physical therapies. CentralReach serves over 30,000 clinicians with its leading-edge software for practice management and data collection built by a team of clinicians and technologists. It also provides full-service implementation and ongoing support to help organizations grow and thrive. For more information, please visit centralreach.com.