HIPAA Preparedness Statement
Overview:

Medical Electronic Billing (MEB) appreciates and understands the major changes our healthcare industry clients are undertaking to achieve compliance with the Health Insurance Portability and Accountability Act of 1996. HIPAA impacts all areas of the healthcare industry. While the law was designed to improve the efficiency of healthcare by standardizing the exchange of administrative and financial data, it also includes protecting the privacy, confidentiality and security of patient healthcare information (PHI). This protection extends to Business Associates, previously known as vendors or partners, who are held to the same standards and commitments.
Medical Electronic Billing is committed to honoring HIPAA guidelines at every level of operations. We understand our duty as a responsible and conscientious business associate in the healthcare industry. We recognize that our actions are imperative in maintaining a link in the chain of trust for each of our valued healthcare clients. Medical Electronic Billing is HIPAA ready and will continue to work towards maintaining and exceeding all security and privacy regulations in accordance with both current and future rulings.
Medical Electronic Billing wishes to highlight several of our established standards, administrative procedures, physical safeguards, technical security devices and technical security mechanisms for dealing with PHI.
Transmission/Security:

While the guidelines for the Transaction Codes and Data Elements (including the X12N version 4010) do not apply to the transmission of data for the processing, printing and mailing of patient statements/invoices, Medical Electronic Billing has taken action to ensure that security, data integrity and vulnerability management are addressed and enforced.
Medical Electronic Billing constantly monitors our web security in order to protect the integrity of data transmissions. This includes the continual monitoring of user access, password changes, account modifications, file uploads, file downloads, and deleted files. Medical Electronic Billing uses these systems together with activity logs to audit and protect systems and data. As specified in company procedure, every log is reviewed regularly, and any anomalies or discrepancies are thoroughly investigated and documented as to their cause and resolution.
Advanced firewall technology is utilized to protect our user database from unauthorized intruders when connected to the Internet. Data entering or leaving the network must pass through this firewall, which examines each message and blocks those not meeting stringent security criteria.
Medical Electronic Billing's platform also includes a high-speed wireless Internet connection. While still somewhat new to most end users, this technology carries data over the air rather than over wires or cables, which the company regards as a more difficult avenue for intercepting data.
Our FTP (File Transfer Protocol) site uses server-based Secure Sockets Layer (SSL). SSL technology provides strong (128-bit) encryption that encodes data before it is transmitted over the Internet. This technology also requires verifiable logon identification and passwords known only to authorized staff.
In addition to the above-mentioned security levels, Medical Electronic Billing uses protocol controls to transmit data securely by means of an Equifax Secure Server Digital ID. GeoTrust, a nationally recognized Internet security company, certifies these controls.
Once files are received from clients by any electronic means (phone modem, Internet, email, or disk), strict measures are applied to restrict and protect the privacy of the data from inappropriate use and disclosure.
Privacy:

HIPAA privacy guidelines are meant to protect patients' health information. While Covered Entities are required to obtain consent and authorization from an individual prior to disclosing that individual's PHI, Medical Electronic Billing continues to demonstrate its business associate commitment. We have the following procedures in place to act in accordance with HIPAA privacy requirements:
Access to any data is limited to authorized personnel under a 'minimum need to know' standard. State-of-the-art internal firewalls are used to prevent unauthorized personnel from inadvertently accessing patient data. Only personnel directly involved with processing patient statements have access to data files.
Data received from our clients is used solely for client-directed projects as they relate to the processing, printing and mailing of patient billing statements. Data is solely the property of each client and is never duplicated, extrapolated, sold, transmitted to a third party, or manipulated in any way. Any and all exceptions require the express written authorization and specific instructions of an Officer of the client's organization.
Any misprints, hardcopy test files, spoilage, or reprints are destroyed on site in a secure environment. Medical Electronic Billing has shredding services provided by Shred-It, a nationally recognized and bonded document recycling company. All data designated for shredding is stored in a secure locked container located on site. Strict guidelines are in place regarding supervision and destruction of the contents.
To reinforce the confidentiality of all data, Medical Electronic Billing has each employee sign a confidentiality agreement. Under the terms of the agreement, all employees agree not to use, publish or disclose, or permit others to use, publish or disclose, any confidential information they may come in contact with. Violation of this agreement warrants immediate termination.
Regularly scheduled staff meetings include agenda items discussing confidentiality and our commitment to exceed all federal, state and local privacy guidelines. These staff meetings, along with ongoing training, ensure that each staff member understands, validates and exemplifies our commitment to our clients.
For more information, please contact:

Marty Bielecki
HIPAA Compliance Officer
1-800-968-5798 x40