HIPAA Compliance

Health Insurance Portability and Accountability Act

HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996, and the term is also frequently used to mean the many regulations that have been published under that law since 1996. The HIPAA regulations, including the much-publicized Patient Privacy and Security regulations, are the latest in a long series of government efforts to regulate the healthcare industry.

HIPAA insists that any organization that stores or transmits patient information must take enterprise-wide steps to adhere to HIPAA’s sweeping privacy, security and transactions standards. Essentially, HIPAA requires healthcare entities to ensure that they protect personal health information and the privacy rights of patients.

We are HIPAA Compliant

Under HIPAA’s Privacy Rule, ecare qualifies as a Business Associate. A Business Associate (BA) is any person or entity that performs a function or activity on behalf of a Covered Entity (CE) that involves the use or disclosure of Protected Health Information (PHI).

We at Eventual Healthcare are very serious about compliance. We have taken various steps and designed our processes to ensure it. Our entire network is very secure. All clients’ office records are kept behind a secure firewall and all electronic claims are securely encrypted for transmission. Your privacy and security are given the highest priority at Eventual Healthcare, India.

Eventual Healthcare ensures that all changes and updates to HIPAA are properly and correctly communicated to the team to ensure the highest standards of security and confidentiality.

The services at Eventual Healthcare are designed to assure HIPAA compliance in the following ways:

Every employee at ecare enters into a confidentiality agreement, the terms of which state that they agree not to use, publish or disclose, or permit others to use, any confidential information they may come in contact with.

Violation of this agreement warrants termination.

Access cards and biometric screening control employee entry into the facility. Our facility is manned 24x7 and unauthorized intrusion is practically impossible.

Access to critical areas such as the server room is restricted and only authorized personnel have entry rights to these areas.

Internet/email access is provided only to authorized personnel. Access to computer systems is restricted by logins and passwords, which are unique for every employee.

All paper containing PHI data is shredded before being disposed of.

Connection to the client’s servers is through secure VPN tunnels with 128-bit encryption.

Regular backups of data are taken and stored off-site as per company policies.

A dedicated Compliance Officer ensures that compliance management processes are updated regularly and stringently adhered to.