HIPAA COMPLIANCE STATEMENT
We at HDI realize that our clients, most of whom are healthcare
claim payors, must comply with all aspects of confidentiality of
patient data. We require access to numerous data elements associated
with claims, including patient and provider information. As such,
HDI has taken steps to ensure its compliance with both the Gramm-Leach-Bliley
Act and HIPAA requirements.
Key aspects of our existing policies include, but are not limited
to, the following:
All HDI employees are required to sign a confidentiality agreement
with HDI. These agreements provide HDI the right to terminate employment
if a confidentiality breach is deemed to be significant, harmful
or damaging to HDI, its clients, and its clients' insured members.
These confidentiality agreements also provide sanctions for employees
as recommended by HIPAA.
All patient and provider specific information that we receive or
generate as a result of delivering our services is treated as confidential,
and it is not disclosed to those who do not have a need to view
it in relation to the services we deliver to our clients. The electronic
data is stored on secure computer servers and PC workstations, which
require a unique user name and password to access such data.
All patient and provider information that exists in printed format
is contained within designated working spaces. Information that
requires mailing is secured in a sealed envelope prior to leaving
HDI's premises.
All HDI Client and Vendor agreements include a Business Associate
Addendum. The incorporation of this Addendum ensures that all parties
involved in the use and/or disclosure of protected health information
are in compliance and that they will remain in compliance with
current HIPAA Regulations. The Addendum also outlines the procedures
the parties must follow, with regard to protected health information,
upon termination of their Agreements.
In relation to many significant areas of HIPAA, our compliance is
as follows:
UNIFORM CODES AND DATA TRANSMISSION
HDI currently accepts data directly from our clients. Therefore,
we are able to receive and re-transmit data to our clients or other
parties involved with the delivery of our services in HIPAA compliant
formats. With regard to data elements, formats and definitions,
we have a plan to ensure that our software is updated with the latest
medical data code sets, through our partnership with various vendors
and other healthcare data source providers.
We will continue to monitor the latest HIPAA news and legislation
to ensure our compliance, where required and as agreed upon with
our clients.
PRIVACY AND SECURITY
We understand the sensitivities and the seriousness associated with
the privacy of healthcare data. We also understand that covered
entities are required to contract with business associates that
will also be handling individually identifiable healthcare data
and that policies and procedures must be put in place in order to
ensure the privacy and security of such data.
Therefore, the following steps have been taken:
We have designated a Privacy Officer. The Privacy Officer has the responsibility for the development and implementation
of HDI's policies and procedures. This position also works closely
with clients to understand their requirements, and then ensure
that HDI complies with them. The Privacy Official is also the
person responsible for monitoring the ongoing requirements of
HIPAA, if any, and is designated to receive complaints with
regard to privacy compliance.
We have established "logging" mechanisms that
will document access to protected healthcare information.
We have established training programs focused
on privacy policies so that our employees learn how to appropriately
handle individually identifiable health data according to HIPAA
mandates.
We have established procedures to receive and
resolve complaints, plus sanctions for employees who fail to
comply with privacy policies. HDI takes non-compliance with
privacy policies seriously, and promotes a zero tolerance policy.
We have also established physical safeguards for information,
including protection around electronic processing and storage.
Contact Us
For any additional questions or concerns, please contact:
HealthDataInsights, LLC
Contract Manager/Privacy
Email: Privacy@emailhdi.com
HIPAA Websites:
http://aspe.os.dhhs.gov/admnsimp
http://www.hcfa.gov
http://www.HIPAAdvisory.com