HIPAA Compliance Commitment

In light of recent media attention related to HIPAA Security, EMS|MC would like to reiterate our dedication to protecting your agency against unauthorized data breaches. At EMS|MC, we are committed to protecting the privacy and security of your patients' protected health information in accordance with HIPAA and HITECH Regulations as well as Identity Theft/Red Flag Compliance. We understand the importance of these protections, and it is our priority to maintain your trust in our relationship.

In compliance with these Privacy and Security Regulations, EMS|MC has extensive policies and procedures to adhere to these guidelines. EMS|MC maintains a comprehensive Compliance Program with policies and procedures that include, but are not limited to:

  • NIST 800-66 Compliant
  • SSAE 16 and SAS 70 Type 1 and 2 Certified
  • Designated Chief Compliance Officer, Compliance Manager, and IT Security Officer oversee all compliance-related activities
  • Corporate Compliance Committee meets monthly to discuss compliance-related inquiries, identify risk areas, and develop compliance policies
  • Annual Mandatory Compliance Training and Education Programs with signed acknowledgement of understanding and commitment for all employees
  • Employment Background Checks, Criminal History Checks, and OIG Exclusion Database Verifications for all employees
  • Signed Employee Confidentiality Agreement, Confidentiality and Dissemination of Confidentiality Attestation Statement, and Compliance Code of Conduct
  • User-defined profiles limiting access to minimum use necessary based on roles and responsibilities
  • Data Destruction Policies for all sources of PHI to include paper, electronic, and/or hardware devices
  • Secure Work Environment with key fob entry system, building security alarm system, and locked offices, storage areas and other areas in which PHI may be stored
  • Data Disaster Recovery Plan and Data Backup Policies
  • Secure Network and Email Encryption with Virus and Firewall Protection
  • Secure FTP for sharing files with clients and external partners
  • Contracts, Compliance Program and Business Associates Agreements with all vendors and subcontractors
  • Prohibited printing capabilities from VPN, Citrix and Telecommuting Systems
  • Ongoing monitoring of account access maintained through a history log of users accessing and/or modifying accounts
  • Breach Notification Policy to immediately notify patients when their data may have been compromised
  • PCI Compliance to ensure that credit card information is not stored after the transaction has been completed
  • Red Flag Policy that identifies and notifies patients who may be victims of identity theft

The above policies are maintained by our Chief Compliance Officer and are available upon request. If you have any questions related to HIPAA Privacy and Security or EMS|MC Policies and Procedures, please contact our Chief Compliance Officer at (336) 766-4448.