Compliance and Patient Privacy

Security

eHealth Technologies implements security policies in both a physical and electronic manner consistent with HIPAA Requirements, including but not limited to: Badged Access into PHI Secure Areas, Minimum Necessary Standard, Information System Security, Acceptable Use, Password Management, Corrective Action, Change Control, Identity Theft and Red Flag Rules, Record Management, Disaster Recovery, Breach Notification, and HIPAA Violations Policies.

eHealth Technologies makes use of a combination of the Microsoft Azure Cloud Computing Facility and eHealth Hosted Services. As a general rule, the hosted services are used for imaging or VPNs to customer sites supplied as part of an integration, and cloud services are used for all other systems.

eHealth Technologies is HITURST CSF certified and has also received a SOC 2, Type ll certification in prior years. Both of these examinations evaluate our organization’s system by using predefined trust services principles and criteria for security, availability, processing integrity, confidentiality, or privacy as a benchmark for evaluating the effectiveness of controls.

Privacy

eHealth Technologies promotes an atmosphere of privacy protection and requires strict compliance with HIPAA Requirements with regard to patient consent and authorization, risk assessment and breach notification, including implementing the following: Policies and Procedures for Handling Protected Health Information; Online HIPAA Course titled “HIPAA Privacy and Security for Associates” and corresponding testing course at conclusion; Recognition of the 18 Identifiers of PHI; Promotion of the Minimum Necessary Standard; Risk Assessment and Breach Notification; Corrective Action/Preventative Action; Clean Desk Policy; Secure Area Access including a Badge Access Review Committee; Record Management and Audit Trail Logs; Incident Notification Process; HIPAA Violations Policies; and Live Classroom Instruction by Chief Privacy Officer on Potential Penalties and Sanctions.

eHealth Technologies makes use of online and live classroom instruction and refresher courses conducted on an annual basis to promote privacy awareness and continued compliance, including certification that all incidents were reported to management and that no known breaches have occurred throughout the year.

HIPAA Compliance

eHealth Technologies implements an architecture that enables its customers to comply with the Privacy and Security requirements that govern the administrative, physical and technical safeguards in handling Protected Health Information (“PHI”) and electronic Protected Health Information (“ePHI”) that are mandated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), the American Recovery and Reinvestment Act of 2009 (“ARRA”), and the Final Omnibus Rule (“Final Rule”) (all collectively referred to as “HIPAA Requirements”).