March 1

HIPAA Compliance for Startups

A basic overview of HIPAA Compliance for startup companies

Kevin Henry

If you’re reading this, that must mean that you have recently learned that your startup is now subject to HIPAA. Now the question is: what on earth does that mean?

Lucky for you, this is the exact reason why we’ve built Accountable: to help companies not only do everything they need to do in order to be fully HIPAA compliant, but also to guide them through an incredibly complicated and vague process set forth by the government.

Startups are in a unique situation. Since most startups are software-based companies, they might be dealing with thousands or hundreds of thousands of individuals’ protected health information (PHI).

This sheer amount of sensitive data is enough to make anyone nervous. Having physical and technical safeguards in place is paramount to the security of your users’ PHI.

One of the most interesting things about HIPAA is that the law impacts you whether or not you are aware that you need to be HIPAA compliant. For instance, if your company works with a healthcare company that uses your software to store any PHI (think any medical information that might be able to be traced back to an individual), then you are subject to HIPAA. This means that you need to complete your annual risk assessment, adopt policies & procedures, train all of your employees, and sign a business associate agreement with any organization that either shares PHI with you or receives PHI from you.

Along with these administrative tasks, you also need to ensure that all of your data is properly secured and encrypted. This brings us to the topic of “Business Associates.” A business associate is any organization that discloses, creates, maintains, transmits, or receives protected health information.

You need to have a Business Associate Agreement (BAA) in place with any partners, clients, or users that might be considered a business associate (or covered entity). Most hosting companies will offer to sign a BAA with your company if you host PHI in their cloud. Other companies, like shredding companies, might need a little more of a push to have an agreement signed.

Chances are, unless you have loads of cash on hand, you don’t want to pay an attorney or expensive consultant to help you attain HIPAA compliance. The policies alone would cost you thousands of dollars. Fortunately, Accountable provides you with all of the necessary documents to accomplish the task of becoming compliant.

The platform is also designed to walk you through, step by step, all that you need to do in order to become fully HIPAA compliant. I want you to be successful in accomplishing this challenge of making your startup HIPAA compliant. We believe that healthcare is going to continue to be an integral part of the US economy and will boom as startups find innovative ways to transform healthcare. Good luck!