Metro Data Center is HIPAA Compliant
Metro Data Center LLC has implemented reasonable and appropriate solutions, management policies and procedures, which comply with these HIPAA Privacy and Security Rule Standards and Implementation Specifications. Since key HIPAA specifications are tested as part of the Trust Services Principles: Security Criteria within the SOC 2 Audit, as noted within the SOC 2 Description of Systems (Section I), and procedures were completed for the Trust Services Principle: Security Criteria, (SOC 2 Section III). The SOC 2 documents provide a cross-reference table that clearly provides the linkage between HIPAA defined security rules and the Security Principle Con-trol Reference Number (#) for each SOC 2 Security Criteria noted with in Section III of the Crowe Horwath SOC 2 report.
The HIPAA “Core Areas Security Rule Standards and Implementation Specifications” are cross referenced to the “SOC 2 Control Refer-ence (Security Principles)”, which is included in Section III of the SOC 2 report. Further, the cross-reference table represents the HIPAA Security Rule Standards and demonstrates Metro Data Center LLC’s ability through the SOC 2 Procedures, to comply with each individ-ual specification.
Health Insurance Portability and Accountability Act
HIPAA is a set of standards introduced by the U.S. Congress in 1996. The Act consists of rules governing protected health information (PHI) including Security, Privacy, Identifiers, and Transactions and Code Sets. The purpose of the HIPAA Security Rule is to promote the protection and privacy of sensitive PHI used within the healthcare industry by organizations called “covered entities”. As a result of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, both covered entities and business associates are now accountable to the HHS and individuals for appropriately safeguarding private patient information.
Metro Data Center executes business associates agreements with its clients; where applicable. These HIPAA Security Rule Standards and Implementation Specifications have four major sections, created to identify relevant security safeguards that help achieve compli-ance: 1) Physical; 2) Administrative; 3) Technical; and 4) Policies, Procedures and Documentation Requirements.