UNIQUE ITES & MEDICAL BILLING COMPANY

KC Caretech,Inc.

684 West Figueroa Dr.

Altadena, California 91001.

PH #(626)310-0416

HIPAA Compliance

..............................................................................................................

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.

According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.

Title II of HIPAA, the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system.

WE PROVIDE UNIQUE ITES AND MEDICAL BILLING SOLUTIONS

Admin Safeguad

Physical Safeguard

Administrative Safeguards - policies and procedures are designed to show how the entity will comply with the act

Our Procedures identify employees or classes of employees who will have access to electronic protected health information (EPHI). Access to EPHI is restricted to only those employees who have a need for it to complete their job function.

We have an appropriate ongoing training program regarding the handling of PHI to employees performing health plan administrative functions.

We Conduct internal audits which play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. Policies and procedures are specifically documented the scope, frequency, and procedures of audits. Audits are done both routine and event-based.

Physical Safeguards - controlling physical access to protect against inappropriate access to protected data

Controls govern the introduction and removal of hardware and software from the network. (When equipment is retired it must be disposed of properly to ensure that PHI is not compromised.)

Access to equipment containing health information is carefully controlled and monitored.

Access to hardware and software is limited to properly authorized individuals.

Required access controls consist of facility security plans, maintenance records, and visitor sign-in and escorts.

Policies are to address proper workstation use. Workstations monitor screens are not in direct view of the public.

Tech Safeguard

Technical Safeguards - controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient.

Information systems housing PHI is protected from intrusion. When information flows over open networks, some form of encryption are utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.

Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner.

Data corroboration, including the use of check sum, double-keying, message authentication, and digital signature are used to ensure data integrity.

Covered entities also authenticate entities it communicates with. Authentication consists of corroborating that an entity is who it claims to be. Examples of corroboration include: password systems, two or three-way handshakes, telephone callback, and token systems.