
Protecting the Medical, Dental & Veterinarian Industries

Medical professionals need reliable IT systems. IMS Northwest healthcare IT support makes every aspect of patient care more integrated, efficient, safe and accurate. Our experienced team of customer-centric professionals will work closely with you, ensuring all medical records are secure. All records will be easily available whenever needed, and our monitoring systems will perform constant automatic backups and keep your Electronic Medical Records (EMRs) secure.

Healthcare - HIPAA & Security

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act of 1996) was created in order to protect health information and give patients certain rights regarding their private health information. It also allows for disclosure of health information necessary for patient care. This act specifies safeguards necessary for administrative, physical and technical handling of patient health information.

According to the U.S. Department of Health and Human Services (HHS.gov), HIPAA has many requirements and restrictions. It requires safeguards for:

• Access Control
• Audit Controls
• Person or Entity Authentication

Access Control

Access Control is defined in the HIPAA Privacy Rule as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” It should allow authorized users to access only the minimum amount of information necessary to complete job functions. The Access Control specification also requires the implementation of an exclusive user identification, or user ID, and immediate access in case of an emergency.

Security

When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where the files can be physically secured and visibly monitored at all times. When you are storing patient information online, certain precautions must be taken in order to maintain the same security and privacy guaranteed to each patient.

While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection in order to secure the information. Although HIPAA does not require online data storage services to have encryption, it does require that patient information be adequately protected and accessible only to authorized persons. Encryption is the best way to protect that information and ensure authorized access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.

Managed Services Provider Responsibilities

When storing patient information, it is important to stay HIPAA compliant, as the fines for not doing so are expensive. While online storage for health care businesses guarantees less worry, work, and expense for health care providers, the service is only as good as the security offered. Remaining HIPAA compliant is vital in order to continue a good business relationship with the health care industry.

Healthcare - HIPAA Compliance

The Health Insurance Portability and Accountability Act (“HIPAA”) privacy policy is intended to protect an individual’s privacy and comply with the Privacy Rule promulgated under HIPAA. This policy may change from time to time, so please check it frequently. HIPAA Privacy Policy Implemented April 15, 2006.

The Health Insurance Portability and Accountability Act (HIPAA) final Privacy regulations were published on December 28, 2000 with a compliance deadline of April 14, 2003. IMS Northwest agrees to adhere to the Standards of Privacy of Individually Identifiable Health Information published by the US Department of Health and Human Services Offices for Civil Rights (CFR 45 Parts 160 and 164). The Privacy Rule under HIPAA requires that “covered entities” enter into “business associate” agreements with entities that perform services on their behalf involving protected health information (“PHI”). In some instances, to effectively provide service to our clients, it is necessary for us to receive and utilize your PHI. Therefore, to the extent you are a “covered entity,” and to the extent we act as a “business associate” on your behalf, we are providing you with these written assurances as required for your compliance with the HIPAA Privacy Rule. HIPAA has established a deadline of April 5, 2005 for all health care providers to implement secure networks for the transmission of all private health information.

For information transmission to be considered secure, three elements are necessary:

  • Authentication – identification of the senders/receivers of the information.
  • Non-repudiation – verification that the senders/receivers of the information are who they say they are.
  • Integrity – verification that information cannot be tampered with, ‘hacked’ or ‘broken-into’ during transit.

To be considered “secure” under HIPAA guidelines, the network used by the covered entity must require that users have both a unique username and password and take steps to ensure that data is transmitted over the system in a way such that it cannot be easily intercepted by an entity outside the network. IMS Northwest has implemented a secure network that meets all criteria. Our network security is similar in design, function and compliance to those used by the banking and financial industries for electronic monetary transactions.

IMS Northwest is committed to providing the highest data security and integrity standards in its software and operations to meet or exceed the requirements set forth by published HIPAA regulations. Protected Health Information (PHI) shall be used solely under the Treatment, Payment or Healthcare Operations (TPO), as defined by the US Department of Health and Human Services.

IMS Northwest’s networks are protected by the latest firewall technology, and IMS Northwest utilizes SSL (128-bit Secure Sockets Layer technology) for transmission of all web-based transactions. All file transfers occur over encrypted communications lines using 128-bit Secure Sockets Layer technology, and all data is encrypted at the client site and at IMS Northwest before such transmission. We utilize Verisign, Inc. as our Certificate Authority for all SSL-based communications. PHI data and personal identifying information that resides at IMS Northwest is also encrypted using the Advanced Encryption Standard (AES) before storage.

IMS Northwest strives to have in place appropriate means to protect your information. We employ industry standard encryption technologies such as SSL (128-bit Secure Sockets Layer technology) both internally and externally and utilize the latest firewall technologies to mitigate risks. However, in providing your information over a public or third party network, it is important to understand you do so at your own risk. All internal IMS Northwest processes related to the Protected Health Information (PHI) have been assessed to ensure that current operations comply with HIPAA privacy and security requirements. Each IMS Northwest employee, contractor and Strategic Business Partner has received the HIPAA Privacy Training necessary to understand and adhere to the provisions of this important piece of legislation. In addition, ongoing employee communication and education on HIPAA-related issues are being facilitated through the internal corporate intranet.

IMS Northwest will, effective April 15, 2006, carry out our responsibilities in compliance with the HIPAA Privacy Rule to protect the privacy of any personally-identifiable PHI that we collect, process or learn of as a result of providing services on your behalf.