Our Compliance
We follow all HIPAA regulations and require a business associate agreement to be signed. As a business associate of covered entities, it is our duty and requirement to follow HIPAA regulations. Our compliance ensures that all patient data is kept safe at all times.
Keep reading to learn more about our compliance.
From hhs.gov
Electronic Protected Health Information
The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information electronic protected health information (e-PHI).
Our Administrative Safeguards
Security Management Process
Our security management process is thorough and its goal is to identify and analyze potential risks to e-PHI. When risks or vulnerabilities are found, we respond immediately to fix and analyze the situation.
Security Personnel
We have a security officer that is designated for developing and implementing security policies and procedures.
Information Access Management
All information goes through a procedure that follows the policy of a recipient’s role. Only people who have access to the data will be allowed.
Workforce Training and Management
Employees that work with and deal with sensitive data are trained to follow all security and procedural policies set in place by our security officer.
Evaluation
We perform periodic assessments on our security policies and how effective they are. Our goal is to ensure full compliance at all times.
Our Physical Safeguards
Facility Access and Control
Facility access and control is limited and only persons with authorized access are allowed.
Workstation and Device Security
All workstations, devices and electronic media are protected from unauthorized access and use. We have policies and procedures that deal with transfer, removal, disposal and re-use of all electronic media to protect e-PHI.
Our Technical Safeguards
Access Control
Our access control policies and mechanisms only allow authorized persons to access e-PHI.
Audit Controls
We have procedures and software in place that audit and examine access of protected information.
Integrity Controls
All e-PHI is protected from improper alteration or destruction using access control systems and change logging.
Transmission Security
All data sent and received is protected during transmission using industry security standards to prevent unauthorized access.