HIPAA Compliance

Our Compliance

As a business associate of covered entities, it is our duty and requirement to follow HIPAA regulations and ensure that all patient data is kept safe at all times.

Keep reading to learn more about our compliance.

From hhs.gov

Electronic Protected Health Information

The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information electronic protected health information (e-PHI).

Our Administrative Safeguards

Security Management Process

Our security management process is thorough and its goal is to identify and analyze potential risks to e-PHI. When risks or vulnerabilities are found, we respond immediately to fix and analyze the situation.

Security Personnel

We have a security officer that is designated for developing and implementing security policies and procedures.

Information Access Management

All information goes through a procedure that follows the policy of a recipient’s role. Only people who have access to the data will be allowed.

Workforce Training and Management

Employees that work with and deal with sensitive data are trained to follow all security and procedural policies set in place by our security officer.

Evaluation

We perform periodic assessments on our security policies and how effective they are. Our goal is to ensure full compliance at all times.

Our Physical Safeguards

Facility Access and Control

Facility access and control is limited and only persons with authorized access are allowed.

Workstation and Device Security

All workstations, devices and electronic media are protected from unauthorized access and use. We have policies and procedures that deal with transfer, removal, disposal and re-use of all electronic media to protect e-PHI.

Our Technical Safeguards

Access Control

Our access control policies and mechanisms only allow authorized persons to access e-PHI.

Audit Controls

We have procedures and software in place that audit and examine access of protected information.

Integrity Controls

All e-PHI is protected from improper alteration or destruction using access control systems and change logging.

Transmission Security

All data sent and received is protected during transmission using industry security standards to prevent unauthorized access.