Web Designed by QURAISHI COPMUTERS

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Maintaining the privacy and security of medical records is an extremely important duty and indeed one that is mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The HIPAA Privacy Rule requires covered entities (health plans, healthcare clearinghouses and healthcare providers) to make reasonable efforts to limit the use or disclosure of, and requests for protected health information (PHI) to the minimum necessary to accomplish the intended purposes. The uses of PHI are limited to those related to treatment, payment and healthcare operations (TPO). Covered entities are further required to contractually bind other entities (“Business Associates”) with whom they share Protected Health Information to ensure that those entities also comply with restrictions related to PHI.

Asawarah Commitment

Asawarah, Inc. is committed to ensuring that all necessary policies, procedures and safeguards are in place at all times to comply with HIPAA Privacy Rule requirements in the handling of protected health information in all areas of the company and with any and all business associates or sub-contractors that are permitted access to PHI.

Policies & Procedures

HIPAA Security Policies and Procedures fall into the following three categories:

• Business
• Practices Workflow & Application Security
• Data Center Physical & Electronic Security

Business Practices

• HIPAA Compliance Management: Asawarah has established a HIPAA Compliance Management Committee consisting of the CEO, and department director-level managers of the company. This committee is responsible for defining and enforcing compliance procedures and processes.
• HIPAA Training: All employees of the company attend formal training to ensure they understand the security requirements and are equipped to comply with all policies and procedures.
• Confidentiality Agreements: All employees of the company are required to sign a confidentiality agreement and non-disclosure agreement relating to PHI.
• Business Associate Agreements with Contractors: All contractors of the company with access to PHI must enter into a business associate agreement that requires full compliance with all HIPAA requirements and all Asawarah Privacy safeguards. In particular:
• No contractor of the company is permitted to further sub-contract work for the company where PHI is involved.
• All contractors must employ in-office staff and PHI may not be removed from office premises under any circumstances.
• All staff of contractors with access to PHI must sign confidentiality and non-disclosure agreements that bind them to comply with HIPAA privacy rules.

Workflow and Application Security:

• During the processing of voice files to completed transcribed documents, only medical transcriptionists (MT) and quality control (QC) personnel are permitted access to files.
• Processes are in place to prevent unauthorized electronic transmission of these records to other parties. For example:
• Access to the production floor is strictly limited to authorized personnel.
• User authentication via unique user logins and passwords are required to access any file containing PHI.
• Audit trails identifying all users who have accessed or edited PHI are maintained.
• All floppy disk drives and USB ports are disabled to prevent copying of files to unauthorized media.
• Internet access is limited and monitored.
• The production process is operated as a paperless environment and network printer access is limited restricted.
• All printed materials are shredded after their useful life, typically less than 24 hours.
• All files containing PHI are removed from production floor PC’s and
  servers after successful transmission to the Asawarah data center servers.

Data Center Physical & Electronic Security

• This category includes safeguards to protect physical computer systems and related buildings and equipment from intrusion as well as fire and other environmental hazards. The use of locks, keys, and administrative measures used to control access to computer servers and facilities are also included. Asawarah servers and databases are housed in state-of-the-art data centers with geographic redundancy.
• he data center facilities provide a secure, climate-controlled environment that is operational 24 hours a day, 7 days a week, and 365 days a year.
• The data center is physically secured and requires the use of special electronic access codes to enter. Keys are only issued to individuals authorized by the HIPAA compliance committee.
• Logs of all entry and exit from the facility are automatically maintained.
• The data center facilities are equipped with climate control systems, fire detection and suppression systems, and backup UPS and generator.
• All Asawarah servers and databases are located on a secured internal network that is protected by state-of-the-art Cisco Secure PIX Hardware Firewalls.
• Asawarah uses Microsoft SQL Server 2000 databases and implements the SQL Server Security Model. In summary, this model addresses security at multiple layers including securing access to the server, securing access to the database, securing access to database objects, and securing access through application roles.
• A complete access audit trail is maintained including user session information.
• All database transactions are logged.

 

navigation

• HomeServices
• About Us
• Help & Support
• Contact
• Jobs
Members Area FeedBack Terms of Service

LEGAL RESEARCH

You can engage our team of professionals to research CASE LAW, analysis of briefs, preparing counters for petition, points for objections, study and brief about new areas of law which are not your specialization, preparing patent applications filing for copy right etc. All this will bring extra time, faster response and efficiency in your practice.

continue...