HIPAA Compliance Commitment
In light of recent media attention related to HIPAA Security, EMS|MC would like to reiterate our dedication to protecting your agency against unauthorized data breaches. At EMS|MC, we are committed to protecting the privacy and security of your patients’ protected health information in accordance with HIPAA and HITECH Regulations as well as the Identity Theft/Red Flag Compliance requirements. We understand the importance of these protections, and it is our priority to maintain your trust in our relationship.
In compliance with these Privacy and Security Regulations, EMS|MC has extensive policies and procedures that adhere to these guidelines. EMS|MC maintains a comprehensive Compliance Program with policies and procedures that include, but are not limited to:
- NIST 800-66 Compliant
- SSAE 16 and SAS 70 Type 1 and 2 Certified
- Designated Chief Compliance Officer, Compliance Manager, and IT Security Officer who oversee all compliance-related activities
- Corporate Compliance Committee that meets monthly to discuss compliance-related inquiries, identify risk areas, and develop compliance policies
- Annual Mandatory Compliance Training and Education Programs with signed acknowledgement of understanding and commitment for all employees
- Employment Background Checks, Criminal History Checks, and OIG Exclusion Database Verifications for all employees
- Signed Employee Confidentiality Agreement, Confidentiality and Dissemination of Confidentiality Attestation Statement, and Compliance Code of Conduct
- User defined profiles limiting access to minimum use necessary based on roles and responsibilities
- Data Destruction Policies for all sources of PHI to include paper, electronic, and/or hardware devices
- Secure Work Environment with key fob entry system, building security alarm system, and locked offices, storage areas, and other areas in which PHI may be stored
- Data Disaster Recovery Plan and Data Backup Policies
- Secure Network and Email Encryption with Virus and Firewall Protection
- Secure FTP for sharing files with clients and external partners
- Contracts, Compliance Program and Business Associates Agreements with all vendors and subcontractors
- Prohibited printing capabilities from VPN, Citrix and Telecommuting Systems
- Ongoing monitoring of account access maintained through a history log of users accessing and/or modifying accounts
- Breach Notification Policy to immediately notify patients when their data may have been compromised
- PCI Compliance to ensure that credit card information is not stored after the transaction has been completed
- Red Flag Policy that identifies and notifies patients that may be victims of identity theft
The above policies are maintained by our Chief Compliance Officer and are available upon request. If you have any questions related to HIPAA Privacy and Security or EMS|MC Policies and Procedures, please contact our Chief Compliance Officer at (336) 766-4448.