Do Injury Lawyers Need HIPAA Hosting?
Posted in Personal Injury on February 4, 2019
Confidentiality is a big part of any legal case. An attorney has a legal obligation to his or her client to keep communications between them confidential when they pertain to an ongoing case, but lawyers also need to understand other types of confidentiality requirements. Medical records are some of the most sensitive personal documents to enter any legal case, and the Health Insurance Portability and Accountability Act (HIPAA) sets forth strict confidentiality requirements for medical records used in legal matters.
What Is HIPAA Hosting?
HIPAA not only requires strict confidentiality of medical records and personal health information but also demands implementing and maintaining a system for secure storage of digital records. If an injured person retains a lawyer for an injury case, the injured person’s medical records will likely come into play during the lawsuit. Lawyers who handle any electronic personal health information for a client qualify as business associates under HIPAA and must therefore take steps to protect this information.
HIPAA hosting allows the safe flow of protected information between HIPAA business associates. An injury attorney effectively becomes a HIPAA business associate as soon as he or she starts representing a client with any case involving the client’s protected health information. HIPAA hosting services allow business associates to easily and securely access and store a client’s protected health information for use in an active case.
Requirements for HIPAA Business Associate
The HIPAA Privacy Rule requires any party that becomes a HIPAA business associate, such as an injury attorney, to sign an agreement that clearly states the purpose for which the business associate accesses the protected health information. An injury attorney may need access to a client’s hospital records, counseling notes, or health insurance information. The business associate agreement also stipulates other requirements concerning security and access management.
The HIPAA Security Rule requires covered business associates with access to personal health information to identify and address any digital vulnerabilities that may allow outside access to a client’s private health information. They must also develop an access management system that ensures only authorized parties may view private health information. The HIPAA Security Rule also requires regular assessments to determine potential vulnerabilities in a HIPAA information access management system.
HIPAA compliance demands physical and technical security measures, such as preventing unauthorized entry into any location where a business associate stores a client’s physical health information. This also applies to workstation access and any and all transmissions of personal health information.
How HIPAA Hosting Helps Attorneys
The HIPAA Privacy and Security Rules are extremely stringent and require strict compliance; any business associate or other party with access to protected health information must exercise that access with extreme care. Violating HIPAA compliance requirements can lead to significant legal penalties and a severely damaged reputation. Future clients will not want to hire an attorney who has a known record of mishandling clients’ protected health information.
Attorneys can rarely devote the time, energy, and ongoing support to developing robust and secure in-house HIPAA hosting structures, so managed HIPAA hosting services are essential for most injury attorneys. If an attorney fails to sign a HIPAA business associate agreement, any future exchange of protected health information could lead to a data breach, resulting in significant fines, a damaged reputation, and potentially even lawsuits from angry clients should their leaked information lead to damages.
HIPAA hosting allows injury attorneys to safely access a client’s protected health information for use in an active case without running the risk of unintentional compliance violations. Any client with a case involving his or her health information in any capacity should confirm that a potential attorney has access to some reliable form of HIPAA hosting before agreeing to representation.