Recent requests by the Office of Inspector General for the Health Resources and Services Administration (HRSA) to improve oversight of the cybersecurity of the Organ Procurement and Transplantation Network (OPTN) has led to increased concerns about the overall safety and security of the nation’s system for allocating and distributing lifesaving organs recovered for transplant.
This lack of confidence in the organ donation system has led to calls for change from a variety of sources, concerned about the protection of personal and medical information of donors, candidates for transplant and transplant recipients.
While there is no requirement for organizations to obtain HIPAA certification, as a leader in providing healthcare supply solutions to the organ donation and transplant community, MediGO sought HIPAA certification to ensure clients and partners that they have undergone rigorous planning and review to achieve this designation. HIPAA certification provides peace of mind to business partners and members of the public that MediGO intends to operate compliantly and protect the nation’s personal and health data.
To achieve this designation, MediGO had to adopt the best privacy practices and implement administrative, technical and physical safeguards outlined in the HIPAA Security rule.
For an entity to be certified as HIPAA compliant, third-party certification experts review seven areas:
- Demonstrated compliance with the administrative, technical and physical safeguards through rigorous asset and device audits and IT risk analyses
- Remediation plans to address potential lapses in performances
- Regulatory compliance through the development of comprehensive policies and procedures
- Employee training
- Adequate protection and filing of HIPAA-required documentation
- Implementation of Business Associate Agreement processes
- Ability to deploy incident management procedures should a data breach occur
To build deeper relationships with customers and demonstrate its commitment to high-trust operations, MediGO has chosen to display a HIPAA-compliant badge. This badge signifies to employees and partners that MediGO is proud of the team’s commitment to remain compliant with HIPAA regulations. Unlike other certifications, HIPAA certification has no ending date; rather companies are expected to maintain a state of perpetual readiness. This investment in training, systems and infrastructure to maintain this certification solidifies MediGo’s brand promise of Confidence Delivered.