HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996, and the term is also frequently used to mean the many regulations, which have been published since 1996 under that law. The HIPAA regulations, including the much-publicized Patient Privacy and Security regulations, are a series of legislation that portray the US Government’s efforts to regulate the healthcare industry.
HIPAA insists that any organization that stores or transmits patient information must take enterprise-wide steps to adhere to HIPAA's sweeping privacy, security and transactions standards. Essentially, HIPAA requires healthcare entities to ensure that they protect personal health information and the privacy rights of patients.
Under HIPAA’s Privacy Rule, RM Healthcare is a Business Associate. A Business Associate (BA) is any person(s) or entity, which performs a function or activity on behalf of a Covered Entity (CE) and involves the use or disclosure of Protected Health Information (PHI). At RM Healthcare, we are very serious about compliances. We have undertaken various steps and designed our process to ensure we are fully compliant. Our entire network is very secure. All clients' office records are temporarily stored behind a secure firewall before deletion and all electronic claims are securely encrypted for transmission. Your privacy and security are given the highest priority at RM Healthcare. RM Healthcare ensures that all the changes and updates made by HIPAA are properly and correctly communicated amongst the team to ensure highest standards of security and confidentiality.
Every employee at RM Healthcare enters into a confidentiality agreement, the terms of which state that they agree not to use, publish or disclose, or permit others to use, any confidential information they may come in contact with.
Violation of this agreement warrants termination and legal action.
Access cards and biometric access screening control entry of employees into the facility. Our facility is manned 24 X 7 and unauthorized intrusion is practically impossible.
Access to critical areas such as the server room is restricted and only authorized personnel have entry rights to these sensitive areas.
Full Internet/Email access is provided to only authorized personnel. Access to computer systems is restricted by logins and passwords, which is unique for every employee.
Completely paperless environment – mainly for security and as a consequence, a ‘Go-Green’ initiative as well.
Connection to the clients’ servers are through secure site-site VPN tunnels with 128-bit encryption.
A dedicated Compliance Officer ensures compliance management processes, which are updated regularly and are stringently adhered to.