Confidentiality

Does SMBS comply with all HIPAA Regulatory Requirements?

SMBS HIPAA News (09/17/08)

The U.S. Department of Health and Human Services (HHS) has levied the first penalties against a healthcare agency. Providence Health & Services, based in Seattle, has agreed to a six-figure settlement following HIPAA security and privacy violations related to the loss of 386,000 patients' personal health information. Before mid-July, settlements had previously been resolved by demanding organizations to resolve their privacy and security problems.

The HHS settlement agreement states that disks containing individuals' HIPAA-protected health records were taken from employees' cars on at least five occasions in 2005 and 2006. The agreement also mandates that Providence Health and Services use encryption and other data protection policies to prevent the opening of authorized files. Providence must also train employees on security processes and issue compliance reports to HHS for three years.

This news should eliminate the false perception among healthcare organizations that HIPAA compliance is optional. Now that fines and monetary penalties are on the table, it's time for enterprises to shore up their HIPAA compliance programs, and that means being prepared for that next audit.

Reprinted from SearchSecurity.com

Confidentiality is taken very seriously at SMBS.

We have a thorough HIPAA (Health Insurance Portability and Accountability Act) compliance program in place for the protection of all of your critical billing and patient data. We achieve this goal through a variety of procedures including:     

Technology         

  • Computer Networks and Systems have security access mechanisms in place.
  • Use of personal I/O devices are not permitted within the company.
  • Monthly backups are stored at a secure off-site location.
  • Daily and Weekly backups are stored in fireproof cabinets.

Documents

  • Documents containing Protected Health Information are disposed of in a locked, tamper-proof box and shredded bi-weekly.
  • SMBS is completely paperless for stored documents.
  • Records are not released without a written authorization from the patient.

Communication

  • Faxes and E-mails contain a disclosure statement instructing the receiver to handle the item according to HIPAA regulations.
  • Changes to health information are requested in writing.
  • Patient account information is discussed with the patient or guarantor only.