September 18th, 2013 by IX: Legal
As part of IX Web Hosting’s ongoing compliance initiatives, we have identified recent changes in the Health Insurance Portability and Accountability Act (“HIPAA”) that may impact some of IX’s customers. Specifically, these changes require Covered Entities and all of their Business Associates who create, receive, maintain transmit or have access to protected health information (or the possibility exists that the protected health information in the business associate’s custody or control could be compromised) to independently comply with HIPAA.
To help identify those customers who may be impacted, IX is asking its customers to notify IX if they are considered a Covered Entity or Business Associate under HIPAA and store or transmit electronic protected health information using IX’s services. IX will assume that the recent changes in HIPAA do not impact IX customers who do not identify themselves as a Covered Entity or Business Associate. IX has also updated its Terms of Service with customers to prohibit the use of protected healthcare information on websites that IX hosts.
If you answer “yes” to both of the following questions, please contact firstname.lastname@example.org no later than 09/23/2013.
- Is your business a Covered Entity or a Business Associate as defined by the Health Insurance Portability and Accountability Act of 1996 or HIPAA (45 CFR 160.103)?
- If so, are you maintaining or transmitting Protected Health Information or PHI (defined in 45 CFR 160.103) using any of the IX services?
If you did not answer “yes” to both of the above questions, there is no need for further action
Please see below for some frequently asked questions.
We appreciate your cooperation and look forward to continuing to serve you.
If I answer “yes” to both questions will my service be impacted or change as a result of the new regulations? What if I answer “no”?
If you answer “yes” to both questions your services will change. You must transfer to another hosting provider. Upon request, we can provide you with the name of a provider who is HIPAA compliant and operating in a HIPAA compliant data center. If you answer “no”, there will be no changes to your services at this time.
If I answer “yes” to both questions what will IX do with the information that I provide?
IX will use the information to recommend you transfer your account to a provider who can supply HIPAA compliant services.
Will I be contacted by an IX representative whenever new regulations apply to my business?
Not necessarily. We may contact you if the regulations apply to and affect IX’s provision of services to you.