HIPAA Compliance

We are a fully HIPAA-compliant organization. We have deployed systems and procedures that adequately address the issues of security and confidentiality. Quality, security, and turnaround time are the areas that we constantly monitor due to the critical nature of healthcare information.

SECURITY AND CONFIDENTIALITY:

It shall be the policy of SSS to protect and safeguard "Protected Health Information" (PHI) created, acquired, and maintained on behalf of SSS operations. We are committed to practices and procedures that are consistent with the standards mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which will assist our clients in complying with the regulatory requirements imposed upon them by HIPAA. SSS considers the privacy, confidentiality, and security of patients' health information an essential component of our business relationship with our clients. Safe and secure handling of the patient information provided to us by clients is a crucial aspect of our business, and we undertake this responsibility at all levels. Recognizing that we may qualify as a "business associate" under the HIPAA standards with respect to the privacy of individually identifiable health information, SSS has revised its standard confidentiality agreement and has formulated safeguards to ensure HIPAA compliance. A designated full-time HIPAA Compliance Officer ensures effective compliance. For more information regarding HIPAA, please visit www.hipaa.org.

SAFEGUARDS

It is the policy of SSS that appropriate physical safeguards will be in place to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure that is in violation of the HIPAA Privacy Rule. These safeguards will include physical protection of premises, technical protection of PHI maintained electronically, and administrative protection. They will extend to the oral communication of PHI and to PHI that is removed from this organization.

HIPAA Administrative Safeguards

SSS has implemented the following administrative procedures at their facilities to guard data integrity, confidentiality, and availability:

  1. SSS has implemented procedures for restricting use and disclosure of Protected Health Information (PHI) to the minimum amount necessary.
  2. All personnel are bound by PHI confidentiality and non-disclosure agreements.
  3. Employees' antecedents are verified through background checks.
  4. A termination procedure is in place to prevent continued access to PHI by a terminated employee.
  5. Periodic information and security training is mandatory.
  6. Security responsibility is assigned to a designated HIPAA Compliance Officer.

HIPAA Physical Safeguards

SSS has implemented the following physical safeguards to guard data integrity, confidentiality, and availability:

  1. SSS has effective measures for its physical security, such as a round-the-clock manned security desk and digital smart-card-authenticated entry.
  2. Duplicating facilities are disabled to ensure that no PHI is taken out of the office.
  3. SSS employees are trained on policies regarding use and disclosure of PHI.

HIPAA Technical Safeguards

SSS provides technical safeguards to guard the data integrity, confidentiality, and availability in our services:

Access controls:

  1. Each user is allowed to view/access only specific information according to defined access rights.
  2. Access is granted to personnel based on their roles and need for PHI.
  3. Automatic log-off and enforced password security are deployed to ensure workstation security.
  4. Passwords are changed at all levels as per the password policy to ensure more control.

Audit Controls:

All activities at SSS are monitored and activity logs are raised and audited for security breaches.

Transmission Security:

  1. Transmission security is achieved through 128-bit data encryption.
  2. Internet security is ensured through a firewall.

TRAINING AND AWARENESS

It is the policy of SSS that all members of our workforce have been trained on the policies and procedures governing protected health information and how SSS complies with the HIPAA Privacy and Security Rule. It is also the policy of SSS that new members of our workforce receive training on these matters within a reasonable time after they have been inducted. It is the policy of SSS to provide training should any policy or procedure related to the HIPAA Privacy and Security Rule materially change. This training will be provided within a reasonable time after the policy or procedure materially changes. Furthermore, it is the policy of SSS that training will be documented and records maintained for the prescribed period.

SANCTIONS

It is the policy of SSS that sanctions will be in effect for any member of the workforce who intentionally or unintentionally violates any of these policies or any procedures related to the fulfillment of these policies.

RETENTION OF RECORDS

At SSS, the HIPAA Privacy Rule records retention requirement will be strictly adhered to. All records designated by HIPAA in this retention requirement will be maintained in a manner that allows for access within a reasonable period of time. After the records retention period, the records will be destroyed as per the data destruction policy.

MITIGATION

It is the policy of SSS that the effects of any unauthorized use or disclosure of protected health information be mitigated to the extent possible.