Security and HIPAA - Axiologic

SECURITY & HIPAA

Axiologic is committed to being a reliable and trusted partner through high standards of information security and compliance. Our approach to risk management is to separate risks that need to be managed by line functions from those that need to be managed centrally.

What is HIPAA?

HIPAA refers to adherence to the physical, administrative, and technical safeguards of the Health Insurance Portability and Accountability Act of 1996. It upholds federal regulations by setting standards to protect the integrity of Protected Health Information (PHI), guarding patients' personal information. The HIPAA Security Rule protects a subset of the information covered by the Privacy Rule.

PHYSICAL AND TECHNICAL SAFEGUARDS, POLICIES, AND HIPAA COMPLIANCE

  • Limited facility access and control with authorized access in place
  • Policies about use and access to workstations and electronic media
  • Restrictions for transferring, removing, disposing, and re-using electronic media and ePHI

Along the same lines, the technical safeguards of HIPAA require access control that allows only authorized personnel to access ePHI. Access control includes:

  • Using unique user IDs, emergency access procedures, automatic log-off, and encryption and decryption
  • Audit reports or tracking logs that record activity on hardware and software

Business Associates

The Privacy Rule allows covered providers to disclose protected health information to these “business associates” if the providers obtain satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, will help the covered entity comply with some of the covered entity’s duties under the Privacy Rule, and help the covered entity carry out its healthcare functions.