HIPAA Compliance
Providing Safe and Secure Drug Testing
What is the HIPAA Privacy Rule?
The U.S. Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to enforce HIPAA requirements. The Privacy Rule Addresses the use and disclosure of the health information for individuals by covered entities subject to the Rule. It also creates a standard for individual privacy rights to control and understand how their health information is used.
Within HHS, the Office for Civil Rights (OCR) has a responsibility to implement and impose the HIPAA Privacy Rule with respect to voluntary compliance activities and civil money penalties. Anyone can file a complaint to the OCR if they believe a HIPAA violation has occurred.
What are the HIPAA Compliance Requirements?
Administrative Safeguards: These safeguards have to do with the policies and procedures you have in place to ensure the proper employee management, training, and oversight for staff that come into contact or manage protected health information.
Technical Safeguards: These are usually safeguards that website hosts don’t touch. They include things like encryption and decryption, audit controls, emergency access procedures, HIPAA file storage and more.
Physical Safeguards: These are the safeguards around the security of the data and includes data redundancy and failure requirements, access to servers, and more.
HIPAA Compliance in eRAMx Live Remote Drug Testing
HIPAA Compliant Administrative Safeguards
eRAMx Live Remote Drug Testing has implemented the following administrative components required by a HIPAA compliance program.
- Assigned privacy officer
- Complete an annual risk assessment
- Provide orientation and ongoing employee trainings
- Conduct systematic and thorough annual review of all policies and procedures
- Execute Business Associate Agreements (BAAs) with all partners who handle protected health information (PHI).
HIPAA Compliant Technical Safeguards
eRAMx Live Remote Drug Testing observes the following technical safeguards:
- Unique User Identification: We assign a unique name and/or number for identifying and tracking user identity.
- Emergency Access Procedure: Established procedures for obtaining necessary ePHI during an emergency.
- Authentication: Implementation of procedures and safeguards to verify that a person or entity seeking access to ePHI is the one claimed.
- Automatic Logoff: We have electronic procedures that terminate an electronic session after a predetermined time of inactivity.
- Encryption and Decryption: We have implemented a mechanism to encrypt and decrypt ePHI.
- Audit Controls: We have implemented hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
- Mechanism to Authenticate ePHI: We have implemented electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
HIPAA Compliant Physical Safeguards
eRAMx Live Remote Drug Testing observes the following physical safeguards:
- We have fully developed documentation on access control.
- We validate all people accessing servers where ePHI is stored.
- We have fully developed and documented emergency recovery requirements.
- We have established requirements for the re-use and disposal of media that holds ePHI.
- Integrity Controls: We have implemented security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
- Encryption: We have implemented a mechanism to encrypt ePHI whenever deemed appropriate.
Questions?
We’d love to tell you more about our secure, HIPAA compliant platform.