Our HIPAA Compliance Program Declaration
To ensure we are compliant with HIPAA and the HITECH Act, ensure that we have the required safeguards in place to protect ePHI, and demonstrate to our clients our good faith effort toward HIPAA compliance:
- WE have developed and implemented a comprehensive HIPAA Compliance Program following the HIPAA Privacy and HIPAA Security Rules – focusing on the administrative, physical and technical requirements of the HIPAA Security Rule as it applies to any potential risk associated with the use of PHI in our business.
- WE have a designated HIPAA Privacy and Security Compliance Officer with a background in hospital administration.
- WE have provided every member of our staff, to include new hires, both annual and refresher training on a quarterly basis, even if they don’t have access to PHI on the job, to include training on both the secure storage and disposal of PHI.
- WE have a formal, established Employee Sanctions Policy should any HIPAA compliance violation occur.
- WE ensure updated technological protocols such as: tight access controls, integrity procedures, security patches, antivirus updates and firewalls, information systems activity monitoring and other audit mechanisms to record and examine access in information systems that use ePHI, use of some of the best encryption, automatic logoffs, password management procedures, and use of a highly secure VPN tunnel.
- WE have conducted a formal HIPAA risk assessment to identify and document any area of risk associated with the storage, transmission, and processing of ePHI and have analyzed the use of our administrative, physical, and technical controls to eliminate or manage vulnerabilities that could be exploited by internal or external threats.
- WE have taken the concept of “minimum necessity” to a whole other level and limited access to ePHI to the barest minimum, reviewing each and every employee’s specific job tasks during our risk assessment so only an extremely limited number of employees possess access to PHI.
- WE maintain limited physical access to our facilities and employ the use of continuous monitoring with on-premises camera recordings.