What our employees say about EMS|MC
Who We Are
Revenue Cycle Management
Supplementary Revenue Programs
In The News
White Papers and Articles
Please provide your contact information and a run number so we can answer questions about your account. Your run number can be found on your statement. If you are having trouble locating your run number, please call 1-800-814-5339.
Requester's Daytime Phone
Relationship to Patient
State the Relationship to the Patient
Are you requesting a callback?
Question about your statement:
Phone: 336-766-4448 Fax: 336-740-9791 HIPAA Security Standards for the Protection of Electronic Protected Health Information (ePHI) THIS NOTICE DESCRIBES HOW ELECTRONIC MEDICAL INFORMATION ABOUT YOU IS PROTECTED TO ENSURE THAT ONLY THOSE WHO SHOULD HAVE ACCESS TO EPHI WILL HAVE ACCESS TO IT WITH REGARDS TO APPROPRIATE ADMINISTRATIVE, PHYSICAL AND TECHNICAL SAFEGUARDS. PLEASE REVIEW IT CAREFULLY. EMS Management and Consultants, Inc. NOTICE OF SECURITY STANDARDS PRACTICES EMS Management and Consultants, Inc. is committed to safeguarding the privacy and confidentiality of patients' electronic protected health information (ePHI). It is our policy to be in compliance with the requirements of federal and state laws related to protecting electronic health information, including the Security Standards for the Protection of Electronic Protected Health Information. (45 CFR, Parts 160 and 164, Subparts A and C, commonly called the “Security Rule”). This notice explains how ePHI that is provided to us, maintained by us, and shared with others by us is safeguarded to protect the confidentiality, integrity and availability of the data while in an electronic format. We are required by law to make sure that ePHI that identifies you is kept private, complete, and assessable with reasonable administrative, physical, and technical safeguards. EMS Management and Consultants, Inc. is a covered entity providing billing and collection services. We will use appropriate security measures that will prohibit against inappropriate use or disclosure, improper altercation or destruction, and establish recovery processes that will ensure ePHI is available when needed. Administrative Safeguards – Section 164.308 Security Management Processes •Assess, analyze, and manage the risk of concepts and practices •Employ security measures sufficient to reduce risk •Uphold a sanction policy against workforce members who fail to comply with security policies •Conduct procedures to regularly review records of information systems activities Assigned Security Responsibility •Identify the security official who is responsible for the development of the policies and procedures Workforce Security •Establish procedures for the authorization and/or supervision of workforce members •Demonstrate that the access of a workforce member is appropriate •Properly remove access when employment ends or is no longer deemed appropriate Information Access Management •Ensure proper protection from unauthorized access from other parts of our organization •Grant appropriate access to ePHI through access to a workstation, transaction, program, or process •Review authorization policies for a user’s right of access to a workstation, transaction, program, or process Security Awareness and Training •Conduct security awareness and training programs for all members of our company •Guard against and detect malicious software programs •Monitoring log-in attempts and guard against intrusions •Engage in creating, changing, and safeguarding passwords Security Incident Procedures •Identify and respond to suspected or known security incidents •Report and document security incidents and their outcomes Contingency Plan •Respond to emergency or other occurrences that damage systems that contain ePHI •Conduct a data backup plan that will create and maintain retrievable exact copies of ePHI •Participate in and implement procedures to avoid and recovery data in the event of a disaster •Engage in procedures that will enable continuation of critical business processes for protection of ePHI while in the operation of emergency mode •Participate in periodic testing and revision of backup, continuation, and recovery plans •Continue to assess the relative criticality of specific applications and data in support of contingency plan components Evaluation •Periodically review and maintain reasonable and appropriate security measures to comply with the Security Rule Business Associate Contracts and Other Arrangements •When we must enter into a contract or other arrangement with persons or businesses that meet the definition of business associate we will appropriately safeguard ePHI by obtaining assurance that the business associate will meet applicable requirements through a written contract Physical Safeguards – Section 164.310 Facility Access Controls •Safeguard and limit physical access of our ePHI and the facilities in which they are housed •Allow facility access in support of data and system restoration in the event of disaster recovery •Secure all facilities against unauthorized access •Validate a person’s access to facilities based on their roles and functions •Document repairs and modifications to the physical components of the facilities which are related to security Workstation Use •Engage in proper functions to be preformed, the manner in which the functions are to be preformed and the physical attributes surrounding the workstations Workstation Security •Workstation use and accessibility will be restricted to authorized users only Device and Media Control •Secure and govern the receipt and removal of hardware and electronic media that contain ePHI Technical Safeguards – Section 164.312 Access Control •Allow access on systems that contain ePHI to only those persons or software programs that have been granted access •Track and identify user by name and/or number when accessing information systems •Document procedures for obtaining necessary ePHI during an emergency •Electronically terminate all person or software session after a predetermined time of inactivity •Employ methods to encrypt and decrypt ePHI when necessary •Record and examine activity in information systems that contain ePHI Integrity •Protect ePHI from improper alteration and destruction •Automatically check for data integrity with check sum verifications or digital signatures Person or Entity Authentication •Verify that person or entity seeking access is authentication by proper identification Transmission Security •Guard against unauthorized access to ePHI that is being transmitted over electronic communication networks •Secure ePHI to ensure that it is not improperly modified through proper communication protocols •Implement technologies to encrypt ePHI Organization Requirements – Section 164.314 Business Associates Contracts or Other Arrangements •Ensure that any business associates will provide safeguards to protect ePHI and ensure that the associate agrees to implement reasonable protection of ePHI Policies and Procedures and Documentation Requirements – Section 164.316 •Policies and Procedures will reflect the mission and culture of our organization thereby enabling our company to use current standard business practices for policy development and implementation Documentation •We will maintain the policies and procedures in written form and if action, activity or assessment is required to be documented we will maintain a written record of that Time Limit •We will retain this document for six years from the date of its creation or the date when it last was in effect, whichever is later Availability •This document is available to those persons responsible for implementing the procedures to which the document pertains Updates •We will review this documentation periodically and update it as needed, in response to environment and operational changes affecting the security of the ePHI. Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this notice. You may print a copy of this notice from our website, www.emsbilling.info Changes to This Notice The effective date of this notice is April 20, 2005. We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you, as well as any information we receive in the future. If the terms of this notice are changed, EMS Management and Consultants, Inc. will post the revised notice on our web site and in designated locations at EMS Management and Consultants, Inc. Complaints If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with EMS Management and Consultants, Inc., you must submit your request in writing to our HIPAA Security Officer at the address below. You will not be penalized for filing a complaint. Attention: HIPAA Security Officer EMS Management and Consultants, Inc. 2540 Empire Drive Winston-Salem, NC 27103 Email:
Phone: 336-766-4448 Fax: 336-740-9791