The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996.
If you collect, process, store or transmit personal health information (PHI) including medical records, you will need to pass an audit to meet HIPAA compliance. As such certain technologies and procedures are recommended for people who deal with PHI, even if they're not explicitly stated in HIPAA standards.
The rules and regulations in the Code of Federal Regulations (CFR) that pertain to HIPAA dictate that Online Tech, as a business that deals with clients’ PHI, must:
- Protect the availability, integrity and confidentiality of personal health information
- Have Business Associate Agreements (BAAs) with clients who have personal health information
- Report any violations of personal health information misuse to the Office of Civil Rights that audits, fines and charges companies and individuals for HIPAA violations).
HIPAA guidelines regarding data retention state that the logs (access/activity) and protected health information documentation proving that the covered entity is adhering to the HIPAA Security Rule are retained for six years. This regulation mandates that records are to be retained for essentially any interaction with patient personal health information and personally identifiable information (PII), which is covered under HIPAA.
HIPAA requires that internal audits of this data are performed regularly. In the event of a breach, it is required by HIPAA laws that the covered entity be able to produce this information when subpoenaed.
WeVPN is NOT HIPAA compliant due to our no logging policy.