Compliance

HIPAA and HITECH


Virtustream cloud services include offerings purpose-built for healthcare providers that want to modernize their health IT environment. These offerings, under the Virtustream information security program, meet applicable Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) safeguards and requirements. Virtustream has completed an independent third-party assessment by a certified public accounting (CPA) firm of Virtustream Enterprise Cloud against the application controls of HIPAA and HITECH as part of our SOC2 reporting.

Virtustream cloud services subject to HIPAA and HITECH commitments include:

  • Virtustream Enterprise Cloud
  • Virtustream Healthcare Cloud

Region: Global

About HIPAA and HITECH:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets security standards or requirements for protected health information (PHI) in the healthcare industry. Healthcare providers use clinical applications such as computerized physician order entry (CPOE) systems, electronic health records (EHRs), and radiology, pharmacy, and laboratory systems to record and share patient medical information and history. Similarly, health plans provide members with access to claims and care management, as well as member self-service applications. While these systems can make medical record keeping more efficient, they also increase the potential security risks. HIPAA is intended to minimize these risks.

The Health Information Technology for Economic and Clinical Health Act (HITECH) mandates audits of healthcare providers to investigate and determine if they are in compliance with the HIPAA Privacy Rule (effective in 2003) and Security Rule (effective in 2005). Together, HIPAA and HITECH establish a set of standards intended to protect the security and privacy of PHI and require appropriate safeguards.