A HIPAA Compliant Company

Express Imaging Services, Inc. realizes that most of our clients are required to ensure the confidentiality of patient healthcare data pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”). We understand the sensitivities and the seriousness associated with keeping patient healthcare data private and secure.
This HIPAA Compliance Statement (“Statement”) is intended to inform our clients that we are aware of their HIPAA requirements and will do our part to help ensure that certain data is kept confidential. This Statement is not intended to take the place of a Business Associate Agreement (as that term is understood in our industry and/or defined by law). We have instituted policies and procedures to ensure that such data is kept confidential, including but not limited to the following:
Privacy and Security Mandates: To protect the privacy and security of a client’s identifiable health information, also known as protected health information (“PHI”), we have implemented the following processes:
• Industrial-strength encryption (256-bit Rijndael/AES)
• User ID password-protected authentication procedures
• Server side certificates
• Secure Sockets Layer Version 3 (SSL V3)
• No PHI persisted via phone
• Secure E-mail usage when transmitting PHI and confidential information
• Restricted access to PHI on a need-to-know basis and only by authorized personnel
• Restricted outside access to all servers and production workstations
• Automated data backups
• Data backups stored in a secured, safe environment
• Automated virus checking
• Report any non-compliance of which we become aware
• Upon reasonable notice and during normal business hours, allow the Secretary of the United States Department of Health and Human Services the right to audit our records and practices related to the use and disclosure of PHI to ensure compliance
• All employees with access to PHI receive training on our policies and procedures according to HIPAA mandates
• All of our employees and subcontractors are required to sign a confidentiality agreement as part of their employment/retention contract(s)
Data is Protected From Unauthorized Viewing: Our access is restricted via password to only those employees who have a need to know. Servers and data storage units are in a secured computer room with limited access. Data is received and forwarded via automated, electronic processes and paper format. The destruction of paper charts adheres to our record retention and destruction policy. Access or viewing of PHI is only allowed when required to provide and fulfill services to clients.