HIPAA Compliance at DOCTUS
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. They also addressed the security and privacy of health data. As the industry implements these standards and increases its use of electronic data interchange, the nation's health care system will become increasingly effective and efficient.
HIPAA-compliant Business Associate agreements are entered into with all personnel. All personnel and business partners are trained in security policies and regulations. All personnel are audited at periodic intervals on their understanding and application of that training. All policies and procedures are well documented and officially communicated, with regular monitoring and internal audits. A detailed backup plan for emergencies and disasters is documented and taught to all personnel; this plan is audited and tested at periodic intervals.
Access to production areas is restricted to authorized personnel. All personnel must carry identification at all times. Visitors are not permitted into the production area. No unauthorized storage devices are allowed in the production area. All storage devices entering or leaving the facility are monitored by qualified technical staff. No protected information may be stored on the network after use. Periodic and random physical checks are made of personnel leaving the facility.
Access to all protected information is restricted to authorized personnel through multilevel username/password authentication. All data transfers between facilities are encrypted (128-bit SSL). Clients are offered VPN security as a default option. All network activity is monitored and recorded. All transfers are conducted with licensed or proprietary applications.