eHealth Technologies implements security policies in both a physical and electronic manner consistent with HIPAA Requirements, including but not limited to: Badged Access into PHI Secure Areas, Minimum Necessary Standard, Information System Security, Acceptable Use, Password Management, Corrective Action, Change Control, Identity Theft and Red Flag Rules, Record Management, Disaster Recovery, Breach Notification, and HIPAA Violations Policies.
eHealth Technologies makes use of a combination of the Microsoft Azure Cloud Computing Facility and eHealth Hosted Services. As a general rule, the hosted services are used for imaging or VPNs to customer sites supplied as part of an integration, and cloud services are used for all other systems.
In 2016, eHealth Technologies also completed a Service Organization Control No. 2 (SOC 2) Type ll examination. A SOC 2 Type ll examination evaluates a service organization’s system by using predefined trust services principles and criteria for security, availability, processing integrity, confidentiality, or privacy as a benchmark for evaluating the effectiveness of controls throughout a six to twelve-month period.
eHealth Technologies promotes an atmosphere of privacy protection and requires strict compliance with HIPAA Requirements with regard to patient consent and authorization, risk assessment and breach notification, including implementing the following: Policies and Procedures for Handling Protected Health Information; Online HIPAA Course titled “HIPAA Privacy and Security for Coders, Billers, and the HIM Staff” and corresponding testing course at conclusion; Recognition of the 18 Identifiers of PHI; Promotion of the Minimum Necessary Standard; Risk Assessment and Breach Notification; Corrective Action/Preventative Action; Clean Desk Policy; Secure Area Access including a Badge Access Review Committee; Record Management and Audit Trail Logs; Incident Notification Process; HIPAA Violations Policies; and Live Classroom Instruction by Chief Privacy Officer on Potential Penalties and Sanctions.
eHealth Technologies makes use of online and live classroom instruction and refresher courses conducted on an annual basis to promote privacy awareness and continued compliance, including certification that all incidents were reported to management and that no known breaches have occurred throughout the year.
View our Notice of Privacy Practices if you have additional questions about how we will protect your PHI.
eHealth Technologies implements an architecture that enables its customers to comply with the Privacy and Security requirements that govern the physical, administrative, and electronic handling of Protected Health Information (“PHI”) and electronic Protected Health Information (“ePHI”) that are mandated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), the American Recovery and Reinvestment Act of 2009 (“ARRA”), and the Final Omnibus Rule (“Final Rule”) (all collectively referred to as “HIPAA Requirements”).