iMedicor provides several fantastic features. It combines the rich feature set one would expect from a Professional Health Care Community Portal and a HIPAA-compliant document transfer and messaging system. As such, Vemics, Inc., creator of iMedicor, realizes the need for thorough documentation regarding our HIPAA compliance and awareness. In an effort to exceed expectations and ease the concerns of a community attempting to implement and address a number of federal regulations, we offer the following:
The Health Insurance Portability and Accountability Act (HIPAA) of 1996, Federal Law was enacted by Congress & signed by President Clinton in 1996. The original intent was to make it easier for people to move from one health insurance plan to another (due to job change, unemployment, change in marital status). HIPAA regulation includes the Administrative Simplification Title (II), which sets requirements in the areas of Transactions, Identifiers, Privacy, and Security. Tied into these legislative requirements are compliance dates and penalties for violations.
In compliance with the Security Rule, Vemics, Inc. will follow measures to:
1) Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it receives, or transmits on behalf of the covered entity.
2) Ensure that any agent, including a subcontractor, to whom it provides such information, agrees to implement reasonable and appropriate safeguards.
3) Report to the covered entity any security incident of which it becomes aware.
4) Authorize termination of the contract by the covered entity, if the covered entity determines that the business associate has violated a material term of the agreement.
As a Business Associate to covered entities, we facilitate secure and encrypted transmission of EPHI between Healthcare Providers. Though recognized as such, we understand your position towards creating a HIPAAcompliant work environment, and take our responsibility to facilitating your needs seriously. Even though, as a Business Associate, Vemics Inc. is not required to meet all of the stringent HIPAA regulations that Healthcare Providers are statutorily obligated to, we have taken innumerable measures to ensure that our company and iMedicor’s messaging system meets or exceeds these expectations. Vemics Inc. is committed to protecting our clients’ EPHI and has instituted policies to ensure that our Healthcare Division workforce is trained, understand, and implement HIPAA security requirements.
While no system can be 100% secure, we promise to make best efforts to protect the Confidentiality, Integrity, and Availability of PHI using the strongest currently available technologies. Vemics Inc. utilizes High-Grade Encryption (AES 256-bit) during transmission of EPHI. (Verifiable through our Certificate Status with VeriSign under “Vemics Inc, Nanuet, New York, US”) Furthermore, Vemics, Inc. uses 1024-bit encryption to protect data at rest within our systems.
How Does Vemics Exceed Regulatory Requirements?
How The Company, Vemics, Inc., Complies:
Have and follow written policies and procedures
Appointed Security Officer
Train employees with access to PHI on HIPAA and the Policies and Procedures
Monitor compliance
Sanction employees who violate HIPAA
Have Business Associate Agreements with Healthcare Providers
Safeguard PHI
How Individual Employees Comply:
HIPAA Awareness
Follow the written Policies and Procedures
Understand how protections apply
Safeguard PHI
Understand mandatory and permissible “uses and disclosures”
F.A.Q.s (Frequently Asked Questions)
1. May a covered entity share protected health information directly with another covered entity's business associate?
Yes. If the HIPAA Privacy Rule permits a covered entity to share protected health information with another covered entity, the covered entity is permitted to make the disclosure directly to a business associate acting on behalf of that other covered entity.
2. What are a c overed entity's obligations under the HIPAA Privacy Rule with respect to protected health information held by a business associate during the contract transition period?
During the contract transition period, covered entities must observe the following responsibilities with respect to protected health information held by their business associates:
Make information available to the Secretary, including information held by a business associate, as necessary for the Secretary to determine compliance by the covered entity.
Fulfill an individual’s rights to access and amend his or her protected health information contained in a designated record set, including information held by a business associate, if appropriate, and receive an accounting of disclosures by a business associate.
Mitigate, to the extent practicable, any harmful effect that is known to the covered entity of an impermissible use or disclosure of protected health information by its business associate.
Covered entities are required to ensure, in whatever reasonable manner deemed effective by the covered entity, the appropriate cooperation by their business associates in meeting these requirements during the transition period. However, a covered entity is not required to obtain the satisfactory assurances required by the Privacy Rule from a business associate to which the transition period applies. Of course, even during the transition period, covered entities still may only disclose protected health information to a business associate for a purpose permitted under the Rule and must apply the minimum necessary standard, as appropriate, to such disclosures.
3. Does iMedicor require the submission and use of our NPI?
Health plans will need to be able to recognize each provider solely by its NPI. As iMedicor is not acting as a clearinghouse nor as an intermediary to Medicare/Medicaid Payors, documents transferred between healthcare professionals are not considered standard transactions and therefore do not require NPI heading information. Furthermore, as NPI’s original purpose is to provide unique identification for these transactions, the data set which iMedicor users are required to submit during registration does in fact provide enough information for unique identification.
References
Information in this document directly refers to several articles on the United States Department of Health & Human Services -- Office for Civil Rights website. Referenced links are listed below:
