April 14th, 2004: Privacy Rule compliance deadline for small health plans
Fines and criminal penalties avoided
Lower liability potential
Lower risk of public exposure
Consumer / Industry confidence
Streamlined process workflow
Increased efficiency
Reduced administrative expenses
Increased data efficacy
Enhanced immunity to disaster situations
Lower long-term costs (ROI)
The road to HIPAA compliance can be long and confusing, but the rewards are worth the effort. Below are examples of how Circadian Force can help an organization achieve compliance in various areas.
What will make an organization successful in their approach to HIPAA? This will be influenced by several factors, a few of which are listed below:
Understanding and acceptance of HIPAA regulations by executive leadership
Willingness to accept change and invest in a solution
Readiness to implement process improvement strategies
Readiness to overcome the impact HIPAA compliance may have within the organization
Recognition of new technologies to meet HIPAA regulations and the creation of a plan for applications that are not HIPAA-compliant
Buy-in for HIPAA compliance across the entire organization
Documentation requirements - the following is a sample of the documents that must be retained for a period of six years. This applies to all documentation, whether written or electronic.
Policies and Procedures
Training provided, Privacy Official, Contact Person
Complaints to Covered Entity and their disposition
Notice of Privacy Practices, Acknowledgement, and Good Faith efforts to obtain Acknowledgements
Authorizations
Business Associate Contracts
IRB/Privacy Board Waivers
Designated record sets that are subject to access by the individual, access contact person, requests, and responses
Amendment contact persons, requests, denials, disagreements and rebuttals
Information required to be in accounting, accounting contact person, requests, and accountings provided to an individual
Restriction Request Agreements
HCC Designations
Affiliated Covered Entity Designations
Certification of Group Health Plan document amendment
Verification documents for public officials, personal representatives, etc.
Any other communication required by Rule to be in writing
Sanctions taken against members of the Work Force
Your Document Retention Solution
When considering a solution for long-term data storage, it is highly recommended that a Covered Entity use an off-site location for that storage. To support HIPAA compliance, the data must be held in a facility with guaranteed uptime, a high degree of physical and logical security, and strong reliability and integrity standards. Circadian Force recommends building the document retention strategy around a top-tier datacenter, which addresses the availability and physical-safeguard requirements of HIPAA; the remaining administrative and technical safeguards still have to be implemented by the organization. Additionally, it is recommended that the data be transported to this datacenter using a reliable and highly secure Electronic Vaulting product, so that what is stored is complete, intact, and recoverable for the full retention period.
To protect patient information and the organization itself, HIPAA requires that a Contingency Plan be in place. A Contingency Plan is a routinely updated plan for responding to an emergency, disaster, crisis, or catastrophe. It covers performing backups, preparing critical facilities that can be used to continue operations during an emergency, and disaster recovery. The individual elements of this plan are the following:
Application and data criticality analysis
Data backup plan
Disaster recovery plan
Emergency mode operation plan
Testing and revision procedures for all plans
Communication and training of stakeholders in the plans
Your Contingency Plan Solution
Circadian Force specializes in creating the above plans. Beyond that, unlike Disaster Recovery companies that provide only plans, Circadian provides a complete software solution that takes a company from a plan to a HIPAA-compliant backup implementation. Circadian Force is a one-stop shop for all of the above requirements.
HIPAA calls for formally documented policies and procedures that govern the receipt and removal of hardware and electronic media into and out of a facility. The following are required:
Access control policies
Accountability policies
Data backup policies
Data storage policies
Data disposal policies
Your Physical Safeguards Solution
Circadian's flagship product, DataForce, stores policy information and enforces strict backup, storage, and deletion rules. Furthermore, the product generates detailed reports that can be used as audit trails for accountability. The policy information is entered into the software once and is enforced automatically thereafter. Should any of the above policies change, the software can be updated to reflect that change within minutes (provided the change is approved by the governing committee).
HIPAA requires that patient information transmitted over open or private networks be protected so that it cannot be read or altered by unauthorized third parties. This means an organization must identify the protected health information that crosses its intranet or the internet and ensure that it is encrypted in transit.
Your Encryption Solution
DataForce encrypts data in transit with a 128-bit key. Key length is only one factor, however: the cipher, its mode of operation, and how the keys are generated, distributed, and rotated determine the actual protection, and should be reviewed as part of the compliance assessment. Regardless of how confidential the patient information, DataForce protects patient privacy with solid encryption.
HIPAA calls for a mechanism that can detect an abnormal condition within the system, such as improperly altered or corrupted data, and raise an alert about the problem. Though many HL7 transaction systems have alarm features built into their architecture, most non-proprietary systems that exchange data do not.
Your Technical Security Solution
DataForce generates reports after every transaction which can be viewed over the web or e-mailed straight to a user's inbox. Also, DataForce automatically performs data integrity checks and checksums to ensure the data was not corrupted during the transfer. If corruption is detected, an e-mail alert is sent to an administrator.
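The integrity check described above is worth seeing in code, because it exposes a caveat a practitioner should know: an unkeyed checksum catches accidental corruption in transfer, but an attacker who can alter the data can also recompute the checksum that travels with it. A keyed MAC closes that gap. The following is an added example, not DataForce code; the payload, the bit-flip, and the 32-byte key are constructed for the demonstration, and the "alert" is returned as a list rather than e-mailed.

```python
"""Integrity verification for a transferred backup: checksum vs. keyed MAC.

Added illustration, not part of any vendor product. Everything below is
constructed: the payload is not real PHI and the key is a fixed demo value.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed sample payload standing in for an exported record set.
SAMPLE_PAYLOAD = b"record_set=designated;entries=3;exported=2004-04-14;"


def sha256_hex(data: bytes) -> str:
    """Unkeyed checksum: detects accidental corruption in transit."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed tag: only a holder of the key can produce a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a single-bit transmission error in the byte at `index`."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)


@dataclass
class TransferResult:
    checksum_ok: bool
    mac_ok: bool
    alerts: list = field(default_factory=list)


def verify_transfer(sent_checksum: str, sent_tag: str,
                    received: bytes, key: bytes) -> TransferResult:
    """Recompute both values on the receiving side and compare in constant time.

    Alerts are collected and returned; a real system would e-mail them to the
    administrator, as the text above describes.
    """
    checksum_ok = hmac.compare_digest(sha256_hex(received), sent_checksum)
    mac_ok = hmac.compare_digest(hmac_sha256_hex(key, received), sent_tag)
    result = TransferResult(checksum_ok, mac_ok)
    if not checksum_ok:
        result.alerts.append("checksum mismatch: data corrupted in transfer")
    if not mac_ok:
        result.alerts.append("MAC mismatch: data modified or wrong key")
    return result


def run_scenarios(key: bytes) -> dict:
    """Three transfers: clean, bit-flipped in transit, and deliberately altered."""
    checksum = sha256_hex(SAMPLE_PAYLOAD)
    tag = hmac_sha256_hex(key, SAMPLE_PAYLOAD)

    clean = verify_transfer(checksum, tag, SAMPLE_PAYLOAD, key)
    corrupted = verify_transfer(checksum, tag, flip_bit(SAMPLE_PAYLOAD, 10), key)

    # An attacker who can rewrite the payload can also rewrite the unkeyed
    # checksum that travels beside it, so only the keyed tag still fails.
    forged = SAMPLE_PAYLOAD.replace(b"entries=3", b"entries=2")
    tampered = verify_transfer(sha256_hex(forged), tag, forged, key)

    return {"clean": clean, "corrupted": corrupted, "tampered": tampered}


if __name__ == "__main__":
    # In production the key is generated once, kept out of the transfer
    # channel, and shared only between sender and receiver.
    demo_key = os.urandom(32)
    for name, res in run_scenarios(demo_key).items():
        print(f"{name:9s} checksum_ok={res.checksum_ok} mac_ok={res.mac_ok} "
              f"alerts={res.alerts}")
```

The practical reading: a checksum alone satisfies "was it corrupted", while a keyed MAC (or an authenticated-encryption mode on the transport) is what satisfies "was it altered", which is the condition HIPAA's integrity requirement actually targets. `hmac.compare_digest` is used for both comparisons so that a mismatch is not detectable by timing.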
Information must now be collected for potential security audits on transactions and data security, as mandated by HIPAA. This may require keeping logs on existing data, archived data, the evolution of that data, and users that accessed that data.
Your Audit Trail Solution
DataForce produces an audit trail which can be used to track the history of existing data, archived data, changes to the data, and access requests to that data for periods in excess of 10 years. This information can be used for security audits, financial audits, data evolution audits, data storage policies, data deletion policies, access control policies, and general data backup policies.
Penalties for non-compliance (as in force in 2004)
Civil penalties:
- $100 per violation
- Capped at $25,000 each calendar year for violations of an identical provision
Criminal penalties:
- Up to $250,000 and 10 years in prison for wrongful disclosure of PHI