Our compliance focuses on three safeguards: Administrative, Technical, and Physical.
We comply with HIPAA by observing proper information management. A HIPAA officer is assigned to recommend guidelines and conduct monitoring and training. These officers also serve as policy enforcers who prevent unauthorized access to sensitive information. At any time these policies be breached, incident reports are prepared by the responsible staff or the supervising officer to be submitted to the HIPAA officer for immediate action.
Our protocols are designed to include active client participation. Clients choose their preferred EMR, cloud storage, and phone system with which they may be familiar or comfortable. These channels are secured at all times, maintaining a delicate balance between protection and client accessibility.
VAs have individual accounts and are assigned a company laptop and work desk, making it easier for management to trace unauthorized access or any misuse of PHI. At the end of their shifts, laptops are documented and returned to a designated storage to be kept under lock and key.
Our office spaces are guarded by security personnel and some areas are closed off to the general staff. Workstations that handle PHI are designated as “HIPAA zones” and observe tighter security clearance policies. Employees are banned from using cellphones and similar recording devices at their HIPAA-designated workstations. Non-HIPAA-trained personnel are prohibited from entering HIPAA zones unless properly authorized.
We observe a zero-tolerance policy in the unauthorized downloading of PHI. We strictly refrain from printing PHI — and in circumstances where printing may be of utmost necessity, the documents are subsequently destroyed via shredder in the presence of a HIPAA officer.