Clarifying Who Must Comply with HIPAA
xMatters doesn’t have to, but we do anyway
The U.S. Congress passed comprehensive privacy regulations and requirements for “covered entities” that handle medical records and associated personal health information (PHI). Collectively, these rules are called HIPAA (Health Insurance Portability and Accountability Act). HIPAA also introduced a new security framework applicable to healthcare data that has been widely adopted across different industries.
Between healthcare providers, insurance companies, healthcare clearinghouses, and the thousands of systems that could be integrated in IT environments, it’s easy to lose track of who exactly is required to comply with HIPAA. The HHS website says:
- Health plans
- Health care clearinghouses
- Healthcare providers who conduct certain financial and administrative transactions electronically. These are the electronic transactions for which the Secretary has adopted standards under HIPAA, such as electronic billing and fund transfers.
Why xMatters goes above and beyond for our customers
xMatters doesn’t fall into any of these categories, but we want to make sure we go above and beyond to implement controls and abide by regulations for the safety of our customers. Our aim is to increase efficiency and mobility while decreasing risks. We achieve this by:
- Using a SaaS infrastructure that resides on Google Cloud Platform, with its robust, redundant and fault-tolerant infrastructure
- Implementing strict controls:
  - Technical safeguards: encryption, access control, logs, inventory, etc.
  - Administrative controls: risk assessments, employee training, disaster recovery, business continuity, etc.
- Continuously improving our approach to security and privacy
The ecosystem of healthcare technology is very complex and highly regulated. xMatters supports healthcare tech teams that need to deliver a solution for incident management. To satisfy the requirements of such healthcare providers, xMatters now complies with HIPAA privacy and security requirements.
xMatters security controls are in place to protect the privacy of individuals’ health information, while at the same time allowing covered entities to adopt new technologies that improve the quality and efficiency of their data handling. xMatters’ security and privacy posture and organizational structure allow for a significant decrease in risks to client data.
xMatters has undergone external third-party verification to prove its compliance with HIPAA security requirements. xMatters continues to demonstrate that we have implemented all the required safeguards and privacy controls to ensure the confidentiality, integrity, and availability of any protected health information we are provided with or given access to.
As of January 31, xMatters SaaS products have adequately designed technical controls that satisfy HIPAA security requirements, and xMatters manages the data used as part of the SaaS products compliantly.
Why HIPAA matters
As healthcare providers and other entities dealing with PHI move to digitized operations, including physician order entry systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems, HIPAA compliance is more important than ever.
While all these electronic methods provide increased efficiency and mobility, they also drastically increase the security risks facing healthcare data.
We are proud to be the industry leader in Privacy Assurance. Download our third-party attestation letter from our Trust portal.
Please note: xMatters is not a “Covered Entity” under HIPAA and is therefore not subject to the regulation; however, a third-party audit has affirmed that xMatters is fully compliant with all HIPAA privacy and security requirements.