PathoGenius and HIPAA
PathoGenius provides several secure features. It combines the rich feature set one would expect from a Professional Health Care Community Portal and a HIPAA-compliant document transfer and messaging system. As such, Southwest Regional PCR LLC (SWR) and Pathogenius Diagnostics LLC realize the need for thorough documentation regarding our HIPAA compliance and awareness. In an effort to exceed expectations and ease the concerns of a community attempting to implement and address a number of federal regulations, we offer the following:
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law enacted by Congress and signed by President Clinton in 1996. The original intent was to make it easier for people to move from one health insurance plan to another (due to a job change, unemployment, or a change in marital status). HIPAA regulation includes the Administrative Simplification Title (II), which sets requirements in the areas of Transactions, Identifiers, Privacy, and Security. Tied into these legislative requirements are compliance dates and penalties for violations.
In compliance with the Security Rule, SWR will follow measures to:
- Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it receives, or transmits on behalf of the covered entity.
- Ensure that any agent, including a subcontractor, to whom it provides such information, agrees to implement reasonable and appropriate safeguards.
- Report to the covered entity any security incident of which it becomes aware.
- Authorize termination of the contract by the covered entity, if the covered entity determines that the business associate has violated a material term of the agreement.
As covered entities, we facilitate secure and encrypted transmission of EPHI to and from Healthcare Providers. Though recognized as such, we understand your position towards creating a HIPAA-compliant work environment, and take our responsibility to facilitate your needs seriously. Even though, as a Business Associate, SWR is not required to meet all of the stringent HIPAA regulations that Healthcare Providers are statutorily obligated to meet, we have taken innumerable measures to ensure that our company and iMedicor’s messaging system meet or exceed these expectations. SWR is committed to protecting our clients’ EPHI and has instituted policies to ensure that our clinical diagnostic workforce is trained in, understands, and implements HIPAA security requirements.
While no system can be 100% secure, we promise to make best efforts to protect the Confidentiality, Integrity, and Availability of PHI using the strongest currently available technologies.
How The Company, SWR, Complies:
- Have and follow written policies and procedures
- Appointed Security Officer
- Train employees with access to PHI on HIPAA and the Policies and Procedures
- Monitor compliance
- Sanction employees who violate HIPAA
- Have Business Associate Agreements with Healthcare Providers
- Safeguard PHI
How Individual Employees Comply:
- HIPAA Awareness
- Follow the written Policies and Procedures
- Understand how protections apply
- Safeguard PHI
- Understand mandatory and permissible “uses and disclosures”
FAQs (Frequently Asked Questions)
- May a covered entity share protected health information directly with another covered entity's business associate?
Yes. If the HIPAA Privacy Rule permits a covered entity to share protected health information with another covered entity, the covered entity is permitted to make the disclosure directly to a business associate acting on behalf of that other covered entity.
- What are a covered entity's obligations under the HIPAA Privacy Rule with respect to protected health information held by a business associate during the contract transition period?
During the contract transition period, covered entities must observe the following responsibilities with respect to protected health information held by their business associates:
- Make information available to the Secretary, including information held by a business associate, as necessary for the Secretary to determine compliance by the covered entity.
- Fulfill an individual’s rights to access and amend his or her protected health information contained in a designated record set, including information held by a business associate, if appropriate, and receive an accounting of disclosures by a business associate.
- Mitigate, to the extent practicable, any harmful effect that is known to the covered entity of an impermissible use or disclosure of protected health information by its business associate.
Covered entities are required to ensure, in whatever reasonable manner deemed effective by the covered entity, the appropriate cooperation by their business associates in meeting these requirements during the transition period. However, a covered entity is not required to obtain the satisfactory assurances required by the Privacy Rule from a business associate to which the transition period applies. Of course, even during the transition period, covered entities still may only disclose protected health information to a business associate for a purpose permitted under the Rule and must apply the minimum necessary standard, as appropriate, to such disclosures.
References
Information in this document directly refers to several articles on the United States Department of Health & Human Services -- Office for Civil Rights web site. Referenced links are listed below:
http://www.hhs.gov/ocr/hipaa/finalmaster.html
http://www.hhs.gov/hipaafaq/providers/business/241.html
http://www.hhs.gov/hipaafaq/providers/business/234.html
http://www.hhs.gov/ocr/hipaa/guidelines/businessassociates.pdf
http://www.hhs.gov/ocr/AdminSimpRegText.pdf
http://aspe.hhs.gov/admnsimp/faqnpi.htm
E-mail: info@pathogenius.com








