ClaimAssist's Responsibilities under HIPAA
The Health Insurance Portability and Accountability Act (HIPAA)
was enacted by Congress in 1996 and is the latest in a series
of privacy/confidentiality laws with which ClaimAssist is
required to comply.
ClaimAssist is considered a "Business Associate"
under HIPAA. A Business Associate is any entity that performs
services on behalf of a Covered Entity that requires the use
of Protected Health Information (PHI) of the Covered Entity's
patients. 45 C.F.R. § 160.103(1). The HIPAA laws do not
apply directly to Business Associates. Instead, HIPAA obligates
Covered Entities to enter into special written contracts with
Business Associates known as Business Associate Agreements.
It is through these agreements that the obligations created
by HIPAA are imposed upon Business Associates.
Under HIPAA, Covered Entities must obtain satisfactory assurance
that their Business Associates will appropriately safeguard
their patients' PHI. 45 C.F.R. § 164.502(e)(1). 45 C.F.R.
§ 164.502(e)(2) states that, "A covered entity must
document the satisfactory assurances required by paragraph
(e)(1) through a written contract or other written agreement
or arrangement with the business associate that meets the
applicable requirements of 45 C.F.R. § 164.504(e)." To
this end, ClaimAssist will work in conjunction with our Covered
Entity clients to define the terms and conditions necessary
for their compliance with the HIPAA mandate. ClaimAssist has
promulgated a series of contractual provisions that it will
propose and use in the absence of or in addition to any required
by our Covered Entity clients.
Protected Health Information (PHI)
As an early adopter of the 2003 HIPAA mandate, ClaimAssist
has employed legal and operational resources to develop processes
that meet the Act's stringent privacy provisions. The main
focus has been on safeguarding Protected Health Information
(PHI), defined as a subset of individually identifiable health
information that is transmitted by electronic media; maintained
in any electronic medium; or transmitted in any other form
or medium. 45 C.F.R. § 164.501 Definitions (2000).
The protection of PHI begins with the comprehensive training
of our entire staff, including the execution of a confidentiality
agreement upon hire. Continual training, including frequent
symposiums, keeps our organization abreast of the latest HIPAA
provisions.
On a daily basis, PHI is further safeguarded via the following
methods:
- ClaimAssist employs industry-standard security policies
for access to all systems, including multiple-level password
entry, captive accounts, and user-specific areas of operation.
Any system data that would be deemed "sensitive"
in nature is protected through restricted log-in access.
Confidential information resident on our Optical Scanning
Network and PCs is also password protected.
- Each user is granted a unique I.D. within the application,
which in turn has been assigned specific menu capabilities.
Menu controls make it possible to grant each user limited
access to defined application capabilities on a "need
to know" basis in keeping with the minimum necessary
standard set forth in 164.502(b).
- All file transmissions to and from our organization are
encrypted. VPN connections are used for remote connectivity
to establish a secure link. All outbound data transmissions
are protected with 128-bit encryption.
- All entry doors are either attended or alarmed and locked,
with authorized access via an automated pass card system.
Entry is granted to authorized personnel only, with tracking
software that archives the time, date, and individual's
name upon entry. All visitors must sign in and be escorted
through the premises by authorized employees.
- Confidential hard copy files are stored in locked filing
cabinets within pass card protected offices. Hard copy material
that remains in-house is destroyed via a regularly scheduled
shredding process.
- ClaimAssist utilizes the nation's largest records management
company for off-site storage of hard copy files, providing
the utmost in security. Material that is stored off-site
is destroyed utilizing the latest destruction technology.
ClaimAssist is committed to protecting confidential patient
data, and has implemented industry "best practices"
to fulfill our obligations, under HIPAA, as your Business
Associate. Please do not hesitate to contact us if you would
like additional information concerning ClaimAssist's privacy,
security and confidentiality procedures.