Are new healthcare tech tools HIPAA compliant?

An open Mac laptop with a blue stethoscope resting on the keyboard
Adobe Stock

Healthcare companies and institutions want to stay up to date with tech innovations as much as any other industry, but may be fearful that integrating new tech could put them at risk of unintentionally violating compliance regulations. 

Poorly built healthcare software could result in patient information data breaches which, depending on the severity of the breach, could cost an organization penalties that range from fines of $100 to $50,000 per violation with an annual maximum penalty of $1.5 million for each violation category, according to the HIPAA journal. 

"So many different tech tools and software and AI services have come out lately and some of the places that need it the most are healthcare organizations," says Nanxi Liu, co-CEO and co-founder of Blaze.Tech, an app and software development platform. "The problem with a lot of these new technologies is that they require engineers and developers to go and integrate with [existing systems], and that's where we see a big hurdle." 

Read more: In healthcare, why cost and quality don't match up

In a perfect world, Liu says, hospitals would have access to software engineers and developers that could do most of the heavy lifting for them and make sure any software they choose to implement is also Health Insurance Portability and Accountability Act (HIPAA) compliant. However, competition to outsource engineers and developers in the current market is tight, and hospitals — especially independent clinics — don't normally have a large enough budget to attract top tech talent, making it difficult to find someone in the timeframe they need it. 

"Healthcare organizations or hospitals also don't necessarily have a chief technology officer or a large in-house engineering team," Liu says. "So what ends up happening is that you have great technology that is out there that, unfortunately, the healthcare space is just not able to adopt." 

As a result, it may seem more  convenient for hospitals and healthcare institutions to rely on existing and affordable tools like Google Sheets and other cloud-based services to store sensitive patient information and data, which can create additional HIPAA concerns and hurdles.  In order for a system to be considered safe, there are a number of official security protocols it has to meet that includes limiting the number of records, limiting access to those records and making sure the information is transmitted securely. 

Read more: Lilly, Pfizer, Humana among best healthcare companies to work for

This is where experts like Liu have an opportunity to step in Blaze.Tech, for example, pre-packages "no code" healthcare web applications and portals specifically designed for healthcare providers and has expert IT and tech staff that specialize in HIPAA work directly with the institution to integrate it with existing systems. That speeds up adoption, Liu says, while saving time, money, and ensuring compliance. 

For organizations that want something a bit more custom, "low code" solutions are also available on the market, and enables a small amount of customization built by a developer, but requires less commitment from tech talent, which may make recruiting easier. 

"For companies in healthcare companies where they need a patient portal that's connected then to a doctor portal and a hospital administrator portal — it's all very custom," Liu says. "There's no 'no code' solution that can fulfill these custom apps that they need. So that is a space we fill where you can have all the ease of traditional 'no code' platforms and also opt for the flexibility of a 'low code' system." 

Read more: Why data is the missing link to affordable healthcare

Making it easier for healthcare providers to leverage better and more efficient tech can accomplish more than just keeping information secure. It can also have a positive impact on lowering healthcare costs for patients and increasing accessibility to both care and their healthcare information. 

"It's ultimately going to get us to what everybody wants," Liu says. "Healthcare organizations need to have the pathways to build those automated workflows and get to take part in the digital transformation that everybody is always talking about." 

For reprint and licensing requests for this article, click here.
Regulation and compliance Technology Healthcare
MORE FROM EMPLOYEE BENEFIT NEWS