HIPAA

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a collection of regulatory and legal requirements designed to govern the increased electronic transfer of health-related information. This law ensures the continuity of healthcare coverage for individuals; includes a provision that affects the management of health information; seeks to simplify the administration of health insurance; and aims to combat waste, fraud and abuse in health insurance and healthcare.

What is the objective of HIPAA?

The primary objective of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is to protect patient information while it is transmitted over the Internet and to safeguard the process of patient information management.

We at Oriental Solutions take confidentiality of patient information very seriously. We believe that emerging privacy and security requirements captured by regulations such as HIPAA are an important improvement to the healthcare industry. We have a set of administrative procedures and policies (based on HIPAA guidelines) to protect the confidentiality and integrity of all the patient information given to us. This includes all associates signing a non-disclosure/confidentiality policy statement.

Currently, we believe our service offering meets or exceeds HIPAA guidelines in the four categories: Administrative Procedures, Physical Safeguards, Security Services, and Security Mechanisms. We update our privacy and security policies based on the inputs given by the HIPAA consultants.

For more information on HIPAA, visit http://www.hipaa.org

The following are a few of the measures Oriental Solutions has in place to protect the confidentiality, integrity and availability of protected health information:

Encryption technology for transmission of information.
Security measures to assure that the production facility and our corporate office are protected from unauthorized individuals.
Restricting the number of users who can access information by utilizing user IDs and passwords, and changing passwords regularly.
Measures to ensure that someone passing by a workstation could not inadvertently review patient information.
A comprehensive data backup and storage plan.
Redundant computer systems to ensure availability of patient data.
Point-to-point audit trails that trace all actions from audio file input through completed report distribution.
User access privileges that are based on title, experience level, department or access requirements as assigned by the organization.

Our Response to HIPAA

Oriental Solutions has established a protocol for Information Security and HIPAA Compliance to manage the information security needs of its clients.

We implement corporate privacy and security policies, and ensure effective organization-wide privacy and security awareness.
Validation of current operational and technical business practices to ensure privacy and security of protected health information.
Development, implementation and monitoring of a privacy and security awareness, education and training program, as well as a compliance program.
Assisting our clients in the ongoing process of negotiating and finalizing the required business associate agreements.

Going forward, our guiding principle is to make every reasonable effort to be knowledgeable and responsive regarding any changes in the Final Privacy Rule and Security Rule, and to act as a compliant Business Associate.

 

   

HIPAA Questionnaire

Do you have policies and procedures for ensuring the privacy of your clients' Protected Health Information (PHI)?

Do you have a formal privacy awareness, education and training program available to your workforce?

Have you conducted a formal assessment of the sensitivity, vulnerability and security of your programs and the client PHI you receive?

Have you conducted a technical and non-technical evaluation of the implemented security standards?

Do you maintain audit logs of system activity to monitor processing, sharing and transmitting of PHI?

Are unique user identification codes required in order to access systems that process or manipulate client PHI?

Do the systems you use to process or manipulate client PHI automatically log out following a period of inactivity?

Does Oriental Solutions employ a particular individual who is assigned responsibility for information security?

 

 

 
 
   