Edison and Lee International Solutions recognizes the importance of protecting the privacy and integrity of every patient's health information. Following are the initiative taken company wide to protect PHI
Privacy
Every employee signs a confidentiality agreement with severe penalties for HIPAA violations. Access to applications/databases defined on 'need-to-know' and 'minimum necessary' basis HIPAA compliant procedures defined in risk areas like: Fax and email communication to external agencies Information disclosure to payers, patients, family members and others Storage, retrieval and/or disposal of reports and physical records Common resources such as scanners and copier machines.
Security
Physical and electronic access restrictions to work area and network Firewall protection for internal network from the World Wide Web Enterprise-wide multiple virus protection systems 128-bit SSL and data encryption on all web based applications.
Each user has unique login, power-on and screensaver passwords Controlled media usage/movement through inventory logs and physical checks.
User accounts to access shared resources like fax machines and photocopiers Random screening of emails for attachments with PHI.
All documentation is kept on our proprietary electronic Document Management System, which is protected by stringent rules of user access, logins and passwords.
Transaction Standards
Our systems and processes completely support the usage of the new transaction and code sets under the HIPAA standards provided your third-party or proprietary software supports the same. If you are utilizing the services of a clearinghouse in transmitting claims, we can continue, without altering the arrangement. We currently work with several clearinghouses across the USA , for the transmission of claims and patient bills.
Our proprietary practice management software Electronic Health Networks, is completely HIPAA compliant. The following transaction sets, are available as part of the standard application:
While the various players continue to move towards full compliance with the new HIPAA standards, Our proprietary practice management software Electronic Health Networks, has several such built-in safeguards: Audit trails and modification logs to ensure the trace-ability of changes made to PHI. Non-TPO PHI disclosures are logged into the software system.
Information on disclosures can be retrieved at any time. All access to the software is based on logins and passwords, linked to a system of user-groups and rights, ensuring conformance to our 'minimum necessary' policy. Data is backed up daily and an offsite backup maintained as part of our Disaster Recovery Policy.
HIPAA resource directory is available on the Intranet to update employees on regulations, news and events.