Hightail and HIPAA Compliance
Hightail and HIPAA
- Is Hightail subject to HIPAA compliance?
Hightail, by the nature of its business, is not subject to HIPAA compliance.
- Does Hightail help those customers who are subject to HIPAA compliance?
Yes. Hightail has many customers using our Enterprise and individual accounts to securely deliver Protected Health Information (PHI). Organizations subject to HIPAA or HITECH regulations can rely on Hightail for secure content delivery.
Hightail has controls in place to help those Hightail customers who are subject to HIPAA compliance. For example, with Hightail, all data in transit is encrypted using strong SSL/TLS encryption up to 256-bit and supporting forward secrecy. File names are dynamically scrambled. All data in Hightail's secure data centers is encrypted using AES 256-bit encryption.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) aims to ensure health information privacy. The Office for Civil Rights enforces the HIPAA Privacy Rule, the HIPAA Security Rule, and the confidentiality provisions of the Patient Safety Rule.
Under HIPAA, the Privacy and Security Rules apply only to covered entities. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If an entity is not a covered entity, it does not have to comply with the Privacy Rule or the Security Rule. Hightail is not a covered entity.
Covered Entities that Must Comply with HIPAA Include:
- Health Care Providers: doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies – if they transmit any information in an electronic form in connection with a transaction for which the U.S. Department of Health and Human Services (HHS) has adopted a standard.
- Health Plans: health insurance companies, HMOs, company health plans, and government programs that pay for healthcare, such as Medicare, Medicaid, and the military and veterans health care programs.
- Health Care Clearinghouses: entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
For covered entities, HIPAA compliance includes:
- The HIPAA Privacy Rule, which protects the privacy of individually identifiable health information.
- The HIPAA Security Rule, which sets national standards for the security of electronic protected health information.
- The Confidentiality Provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.