HIPAA Compliance Statement
The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act define policies, procedures, and processes that are required for companies that store, process, or handle electronic protected health information (ePHI).
At SeeMedX, we take our responsibilities towards customer & patient confidentiality very seriously and have dedicated both resources and time to train our workforce and develop and implement all of the components of our HIPAA Compliance Program.
To ensure we are compliant with HIPAA and the HITECH Act, ensure that we have the required safeguards in place to protect ePHI, and demonstrate HIPAA compliance to our clients:
- SeeMedX has developed and implemented a comprehensive HIPAA Compliance Program following the HIPAA Privacy and HIPAA Security Rules, focusing on the administrative, physical, and technical requirements of the HIPAA Security Rule as it applies to any potential risk associated with the use of PHI in our business.
- SeeMedX will have a designated HIPAA Privacy and Security Compliance Officer.
- SeeMedX will have provided annual training to every member of our staff, including new hires.
- SeeMedX will have a formal, established Employee Sanctions Policy should any HIPAA compliance violations occur.
- SeeMedX will ensure technological protocols are in place, such as tight access controls, integrity procedures, firewalls, information systems activity monitoring and other audit mechanisms to record access in information systems that use ePHI, use of encryption, automatic logoffs, password management procedures, and a VPN tunnel.
- SeeMedX will have conducted a formal risk assessment to identify and document any area of risk associated with the storage, transmission, and processing of ePHI and have analyzed the use of our administrative, physical, and technical controls to eliminate or manage vulnerabilities that could be exploited by internal or external threats.
- SeeMedX will have limited access to ePHI.
We are dedicated to:
- Ensuring we are compliant with the regulatory requirements of HIPAA/HITECH
- Continuing to develop our safeguards to prevent unauthorized access to PHI
- Adhering to the requirement to encrypt PHI
- Maintaining PHI in a secure environment
- Monitoring access to both the secure environment and the data
We are confident that our comprehensive HIPAA policies and procedures will:
- Ensure the confidentiality, integrity, and availability of all ePHI we receive, maintain, or transmit
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Protect against reasonably anticipated, impermissible uses or disclosures
- Ensure compliance of our workforce