HIPAA Compliance

Well Beyond Care has taken the necessary steps to ensure that it is following the guidelines set up as part of HIPAA, the Health Insurance Portability and Accountability Act. This Act sets the standard for protecting sensitive patient data. As the Company deals with protected health information (PHI), we must ensure that all the required physical, network, and process security measures are in place and followed. This includes covered entities (CE), meaning anyone who provides treatment, payment and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual. The HIPAA Security Rule outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI). As part of both rules, Well Beyond Care has taken the necessary steps to ensure that the Company is using a HIPAA-compliant hosting provider to store our data, and that certain administrative, physical and technical safeguards are in place, according to the U.S. Department of Health and Human Services. These safeguards include:

  • Physical safeguards limiting facility access and control, with authorized access in place including policies about use and access to workstations and electronic media.
  • Technical safeguards with access control allowing only authorized persons to access electronic protected health data.
  • Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software.
  • Technical policies to cover integrity controls, or measures to confirm that ePHI has not been altered or destroyed, as well as disaster recovery and offsite backup.
  • Network, or transmission, security to protect against unauthorized public access, including the transmitting of data, whether by email, the Internet, or even a private network such as a private cloud.