Regulations established with the passing of the Health Insurance Portability and Accountability Act (HIPAA) created national standards regarding uses and disclosures of protected health information. It is the policy of NovaSom to be fully compliant with federal HIPAA privacy regulations. The information below includes our privacy policies and procedures and other information regarding HIPAA.
What is the purpose of the HIPAA Privacy Regulations?
The purpose of the Privacy Regulations is to set minimum national standards regarding the confidentiality of individuals' protected health information. "Protected health information" is any individually identifiable health information, including billing and demographic information, that is transmitted or maintained in any form or medium.
The Privacy Regulations give patients important rights. What are they?
Pursuant to the HIPAA Privacy Regulations, patients have the right to:
- Receive a copy of the Notice of Privacy Practices;
- Request restrictions on disclosures of protected health information ("PHI");
- Request alternative means of communicating PHI;
- Inspect and obtain copies of PHI;
- Request amendments to PHI; and
- Receive an accounting of disclosures of PHI.
What administrative requirements has the company implemented?
Pursuant to the HIPAA Privacy Regulations, the company has:
- Appointed a Privacy Officer with management authority;
- Developed and implemented privacy policies and procedures;
- Trained the NovaSom workforce;
- Adopted privacy safeguards; and
- Established a reporting process for privacy violations.
What protections have been implemented for medical records?
HIPAA compliance has been built into NovaSom systems and processes.
- Role-Based Authentication: Access to records, files and data is denied unless it is absolutely necessary for the person to perform a specific job function.
- Access Recording and Auditing: Personnel authorized to access a medical record will leave an audit trail for review by supervisory personnel. Any change to a patient's record will be logged with the date, the time and the person who made the adjustment.
- Encryption and De-Identification: For transfer or transmission to medical providers, payors/insurers or medical researchers, NovaSom will encrypt files and/or withhold information that could identify a record as belonging to a specific individual.
- Data Integrity: Information will be protected from unauthorized access through security controls as well as physical restriction through storage in a protected data center. Accidental deletion or destruction will be prevented through secure data archiving.