You can trust us: we are HIPAA compliant
By Anne Hardy
Can you keep a secret? What will it take for me to trust you to keep and protect a secret that I share with you? If you are a friend or family member, I may not need more than you saying “Yes”, but if I don’t know you, I will likely want additional guarantees or proof that I can trust you.
This is particularly true if you are an organization handling personal information about me. In such case, I will want to be reassured by others that you are trustworthy and that my information will be safe with you.
In our digital world where data flows easily and invisibly, and cybercrime increases, it is becoming harder to reassure us that our data will be safe with anyone.
Recent data protection regulations or laws such as the GDPR, CCPA, or HIPAA are meant to address this problem. They help organizations implement and maintain best data protection practices, and help ensure that whoever an organization works with can keep information safe.
While GDPR and CCPA are concerned with any Personally Identifiable Information (PII), HIPAA is concerned with Protected Health Information (PHI).
What is HIPAA?
Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has been making sure that our healthcare data is protected under US law. In order to ensure HIPAA compliance, any company that deals with such data, often referenced as electronic protected health information (ePHI) must have technical and nontechnical safeguards in place to secure such information.
Also, anyone providing treatment, payment, and operations in healthcare, and any other business or entity that has access to PHI and provides support in treatment, payment, or operations must meet HIPAA Compliance (and ensure that their subcontractors are in compliance as well).
How much does HIPAA cost?
In 2013, the U.S. Department of Health and Human Services estimated HIPAA implementation would cost all covered entities (CEs) between $114 million and $225.4 million. This estimate, of course depends, on multiple variables affecting the organization such as type, size, culture, technical environment, and dedicated HIPAA resources. What can be confirmed are the fines for noncompliance which could range from $100 to $50,000 per violation, with a maximum fine of $1.5 million per violation category per year.
You can trust Talend: we are HIPAA compliant
In order for Talend to sell to entities which would process ePHI with our products, we have to be HIPAA compliant too. It is as simple as that.
Over the past year we have been working hard to become HIPAA compliant and on February 11 of this year, we announced in an official press release that we had qualified as a business associate under the HIPAA and had become certified under the of EU-U.S. Privacy Shield.
With these compliance standards met, we will now be able to expand our work within the healthcare industry and assist more clients that may handle ePHI.
What are the benefits of HIPAA compliance for our customers?
Naveen Venkatapathi, the president of Talend partner Wavicle Data, which jointly creates solutions for Talend’s customers (including those in the healthcare industry), is delighted by the new certification. He notes, “By incorporating technical, physical, and administrative safeguards to protect PHI, Talend has made it much easier and safer for customers to get a complete view of patient care or provider operations, for example.”
He points out that the benefits of Talend for healthcare data integration include:
- Comply with HIPAA and HL7 healthcare standards
- Reduce development time, reduce manual coding errors which will reduce support costs
- Avoid data loss and penalties
- Improve data quality
- Standardize integration of health data
- Enable analytics with reliable data in the data warehouse.
- Meet regulatory requirements with HIPAA compliant data
Naveen also notes that with the new certification, “we can implement customer solutions faster and can rely on the compliance Talend provides out-of-the box. We can also use the flexibility that Talend provides to configure and develop any unique custom features needed for the customer solution and still stay compliant with HIPAA.”
A HIPAA-compliant customer solution
Wavicle Data and Talend worked together to develop a solution to solve a complicated analytics landscape in a medical device manufacturing company that does business with distributors, clinics, hospitals and patients.
The customer had grown by acquisition of several other companies and found itself with nearly a dozen ERP systems. Getting company reports and analytics from this data was complicated and slow.
Wavicle Data worked with the customer to build a cloud-based Redshift data warehouse to aggregate and standardize the data from these many systems. Since direct patients are involved, the solution must be HIPAA-compliant to ensure patient PHI and personal information is safeguarded. They wanted a data integration solution to move data from many siloed systems into the data warehouse and it had to be HIPAA-compliant from the start.
This customer chose Talend as the data integration and integrity solution because it was HIPAA-compliant — with pre-built components for HIPAA, data privacy, and data security alongside EDI capabilities. This made it easy to build a solution that is HIPAA compliant from end-to-end. With Talend’s help, the customer was able to integrate with trading partners securely in EDI formats.
Beyond HIPAA: our commitment to Security and Privacy
In order to maintain HIPAA compliance, we will ensure that reasonable and appropriate technical and non-technical safeguards are in place.
HIPAA compliance is just one of the standards that we want to offer to our customers as guarantees that they can trust us with their data (ePHI or other).
As Chief Information Security Officer (CISO) I will make sure that we lead with Security and Privacy.
Stay tuned for more Security and Privacy updates from us.