Health insurers are also HIPAA covered entities. They routinely use, store, transmit, and receive PHI. Implementing effective privacy and security controls requires a comprehensive understanding of their industry workflows, access requirements, job duties, and data usage.
While payors must fully comply with HIPAA privacy and security regulations, this does not mean the HIPAA risk assessment process at health insurers is identical to that at providers. First, there are some PHI disclosure exceptions that apply to all covered entities but are more routinely utilized in the patient payment, adjudication, and reimbursement process.
More significantly, since providers and payors deliver very different services, their day-to-day workflows, access requirements, job duties, and data usage are dissimilar as well. When considering a healthcare cybersecurity partner, payors will benefit from vendors with specific experience in their industry. Agio Healthcare’s existing client base includes many health insurers and we bring that experience to bear on any new payor engagements.