Humedica is committed to enforcing Health Insurance Portability and Accountability Act (HIPAA) compliance through the application of stringent data use, privacy and security policies. Humedica has met or exceeded the expected HIPAA standards in the following ways:
- Completing the required Risk Assessment, and the Privacy and Security Assessment.
- Humedica employs a Director of Information Security who is responsible for information system monitoring and information security policy and procedure management.
- Humedica employs a Director of Privacy and Regulatory Compliance who is responsible for compliance with the HIPAA/HITECH rules as well as Federal and State laws relevant to privacy and compliance.
- Humedica has implemented, and trains its employees on, a full complement of Policies and Procedures that dictate acceptable work practices and map directly to the HIPAA Administrative, Physical, and Technical Safeguards.
- Humedica requires all employees to complete annual HIPAA training, including a mandate that employees working with PHI complete HIPAA training prior to being allowed access to any of the Humedica systems.
Beyond the HIPAA rules, Humedica uses technical as well as Policy and Procedure mandates to manage the privacy restrictions detailed in Federal and State law requirements relevant to alcohol and drug abuse, genetic testing results, sexually transmitted diseases, HIV, and psychotherapy, which are more stringent than HIPAA. Humedica requires an independent Privacy Board review prior to allowing access to this highly protected data.
Humedica has implemented an independently verified process that statistically de-identifies data. Health care providers are able to view their own patient data in an identified manner; however, life sciences and research customers are allowed access only to the de-identified aggregated patient and provider data. This ensures patient privacy and eliminates the possibility of re-identification of both the Health Care System’s identity and the individual practitioners’ identity.
In summary, Humedica has taken the appropriate measures and continuously reassesses our policies and procedures to ensure that all HIPAA rules have been addressed, and privacy for both the patients and the health care providers is stringently maintained.
Should you have any questions about our HIPAA Privacy and Compliance Program, please contact us by email at firstname.lastname@example.org, by phone at 617-475-3800, or by mail at 1380 Soldiers Field Road, Boston, MA 02135.
Last Updated: November 12, 2012