HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a significant health care reform law that passed Congress in 1996. The law has its roots in the Clinton Health Reform proposal, and its primary purpose was to provide better access to health insurance as well as to toughen the law concerning healthcare billing fraud. There are other corollary sections of the law related to administrative simplification and privacy of protected health information that has far-reaching effects for Providers, Payers, Managed Care Organizations, their business associates, and any entity storing, processing, and transmitting healthcare information.

HIPAA amends the Internal Revenue Code of 1986 by :

  • Improving portability and continuity of health insurance coverage in the group and individual markets
  • Combating fraud, waste, and abuse in health insurance and healthcare delivery 
  • Promoting the use of medical savings accounts
  • Improving access to long-term care services and coverage
  • Simplifying the administration of health insurance

In addition, the Act includes provisions for improving and monitoring the security and confidentiality of any records containing health plan member and patient information. In 1998, the Department of Health and Human Services (HHS) proposed, as part of these HIPAA provisions, a Nation Standard Provider Identifier (NPI), a National Standard Employer Identifier and security standards for electronic health data.

The Administrative Simplification rules of HIPAA are intended to improve efficiency in healthcare delivery through standardized, electronic transmission of many administrative and financial transactions as well as protection of confidential health information.

HIPAA Readiness

We take all compliance related concerns of our customers very seriously and we address them proactively. Our delivery centers house the most technologically advanced infrastructure to handle data security issues. Here is how we go beyond the basics.

Data Confidentiality

  • In view of the sensitivity associated with the Healthcare Information, all our teams work on fully locked down dumb terminal PCs which don't have a floppy drive, CD drive or a USB port. No process executive has an email access and there is no movement of data across the globe.
  • The teams have restricted remote access to the client's software applications and tools enabling them to do the work required to accomplish the required services only in a secure manner. Specific client networks are physically isolated and have dedicated firewalls into the client's network for an additional security.

Physical Security

  • In our delivery center, no one is allowed in without screening and no one is allowed to bring in or take any information capture devices including mobile phones and cameras. The facility is truly locked down with access only to authorized individuals in client specific areas protected by card readers and biometric technology enabled protected access systems. A 24x7 security force physically guards the facility against any unauthorized access.

Employee Hiring & Background Checks

  • Our HR department conducts extensive background checks on all new employees prior to our "employee confirmation process." Once confirmed, employees can access our system only with valid logins and passwords. Furthermore, access to sensitive information is on a "need to know basis" and we constantly keep watch to prevent any of our clients' data from being accessed except by authorized employees. In addition, all our employees receive confidentiality training (as required by HIPAA) and must sign confidentiality agreements.