Health Insurance Portability and Accountability Act (HIPAA)

Megafluence, in its capacity as a business associate, enables its Customers’ compliance with HIPAA requirements Learn more >

Summary

Megafluence only allows customers to process PHI within its solution offerings designated as “HIPAA Eligible Services.”

To support its HIPAA-regulated customers, Megafluence enters into a BAA with its covered entity and business associate customers that intend to store or process PHI within one or more HIPAA Eligible Services.

In the BAA, Megafluence makes contractual assurances about data safeguarding, reporting (including breach notifications), and data access in accordance with HIPAA regulations. Megafluence helps customers support HIPAA compliance by adhering to the HIPAA Security Rule requirements in its capacity as a business associate, including the implementation of the required technical, physical, and administrative safeguards.

There is currently no certification program approved by the U.S. Department of Health and Human Services (“HHS”) through which any entity could demonstrate compliance with HIPAA and HITECH. Similarly, HHS does not recognize or endorse any entity, person, product, or service as HIPAA compliant.

About HIPAA

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the regulations issued under HIPAA are a set of U.S. healthcare laws that, among other provisions, establish requirements for the use, disclosure, and safeguarding of protected health information (“PHI”).

The scope of HIPAA was extended in 2009 with the enactment of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act that was created to stimulate the adoption of electronic health records and supporting information technology.

HIPAA applies to covered entities and business associates. Covered entities are health plans, health care clearinghouses, and most health care providers while business associates are, generally, entities that create, receive, maintain, or transmit PHI on behalf of a covered entity or another business associate. Cloud service providers (“CSPs”) such as GHL are generally classified as business associates if their customers disclose PHI to them. The same is true for any CSPs that subcontract for Megafluence.

HIPAA regulations include:

The Privacy Rule, which requires appropriate safeguards to protect the privacy of PHI and imposes restrictions on the use and disclosure of PHI without patient authorization. It also gives patients the rights over their health information, including rights to examine their health records and request corrections.
The Security Rule, which sets the standards for administrative, technical, and
physical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.
The Breach Notification Rule, which requires covered entities and their business associates to provide notification when a breach of unsecured PHI occurs.

HIPAA regulations require that covered entities and business associates obtain satisfactory assurances from their business associates that they will adequately protect the PHI that they are entrusted with. This is largely accomplished through a contract called a Business Associate Agreement (“BAA”) which, among other things, establishes the permitted, required, and prohibited uses and disclosures of PHI by the business associate, based on the relationship between the parties and the activities and services being performed by the business associate.

Megafluence enables you in your compliance with HIPAA and the HITECH Act and adheres to

the HIPAA Security Rule requirements in its capacity as a business associate.

Frequently Asked Questions

Does having a BAA with Megafluence ensure my organization's compliance with HIPAA

No. By offering a BAA, Megafluence helps sup-port your HIPAA compliance, but using Megafluence services or other cloud or consulting services doesn't guarantee compliance of such services. Your organization is responsible for ensuring that you have an adequate compliance program and internal processes in place. You're wholly responsible for ensuring you rown compliance with all applicable laws and regulations.

Can Megafluence use my organization's BAA?

No. Megafluence can't use a customer's BAA. Because we offer hyper-scale, multi-tenant services that are standardized for all customers, we must operate our services in a consistent manner. The Megafluence HIPAA BAA reflects closely how we operate our cloud services which are primarily provided by GHL and BAAM. To address the needs of the healthcare industry, the Megafluence's BAA closely aligns to others in the healthcare industry.

How can I get copies of the other third party audit reports?

The Megafluence Trust Center provides independently audited compliance reports.

What is the current list of HIPAA Eligible Services?

Contact the Megafluence Sales Team for more information, but in summary or eligible services that have any association with PHI include the Megafluence Suite (powered by GHL), our 24/7/365 support (powered by BAAM), our risk assessment services (provided by CRISP) and cybersecurity testing and monitoring services (powered by Capital Cyber Partners) as well as our business development coaching and consulting services.

Where can I get the BAA?

Please contact us at [email protected]

The information contained in this document is for general informational purposes only and is provided on the understanding that Megafluence is not engaged in rendering legal advice. The responsibility to adopt appropriate measures to meet the requirements set forth by HIPAA/HITECH rests with each business and Megafluence accepts no liability for any actions taken in response to this paper. As such, it should not be used as a substitute for legal or professional consultation.

For more information on HIPAA, go to HHS.gov for a summary of the HIPAA Privacy Rule

Protected by copyright and trademark laws of the United States and international treaties.

This website may only be used pursuant to the subscription agreement and any reproduction, copying,
or redistribution (electronic or otherwise, including on the World Wide Web),

in whole or in part, is strictly prohibited without the express written permission of Megafluence, Inc.