Complete HIPAA Compliance for your Digital Medical Solution
What is HIPAA?
HIPAA, the Health Insurance Portability and Accountability Act, is the standard for safeguarding protected health information (PHI).
Who must be HIPAA compliant?
The HIPAA Rules apply to two groups: covered entities and business associates. Covered entities are providers who electronically transmit health information, including doctors, pharmacies and health insurance companies. A business associate, like Compass Electronics Solutions (CES), is anyone who has access to PHI and provides operational support to protect PHI according to the HIPAA rule.
How do we ensure HIPAA compliance?
CES is prepared to work with you in protecting your sensitive PHI data. We have developed administrative, physical and technical safeguards according to the U.S. Department of Health and Human Services (HHS) and can develop HIPAA systems to ensure compliance from the device to the end user.
- Physical safeguards include limited facility access and control, with authorized access in place.
- Technical safeguards require access control so that only authorized persons can access electronic protected health data. CES encrypts not only the electronic PHI (ePHI) required by HIPAA but all data, whether it is in transit or at rest in the system.
- Network, transmission and security safeguards are in place against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network.
- Technical policies are measures created to confirm that PHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered.
- Audit reports are available to keep records of activity on hardware and software, so that transactions occurring within the systems can be monitored and tracked to identify sources of breaches.
- Training of CES staff is performed by CES’ HIPAA Privacy Officer upon hire, yearly, and when changes are made to the HIPAA rule.
- Breach notification rules govern notification in the unlikely event that a data breach occurs. CES has established processes to notify the appropriate entities in the event of a breach.
We have implemented Department of HHS guidelines and are fully compliant with the HIPAA rule. We will sign Business Associate Agreements (BAA) attesting to our willingness to work in a HIPAA compliant solution.