HIPAA Compliance
We are committed to mandating and ensuring the confidentiality, integrity, and availability of physically and electronically secure ePHI (electronic Protected Health Information) assets by protecting them from unauthorized retrieval, modification, destruction, or disclosure.
MDCS has implemented all the appropriate physical, electronic, and managerial procedures to safeguard and secure the information with hassle-free hosted data security and privacy, while allowing practices to take advantage of HIPAA-compliant transactions for complete peace of mind around the practice management system. We are committed to mandating and ensuring the confidentiality, integrity, and availability of physically and electronically secure ePHI assets by protecting them from unauthorized retrieval, modification, destruction, or disclosure, and to reliably storing the electronic data and providing for emergency access to the data.
We seamlessly incorporate HIPAA-compliant security and privacy measures, as well as transactions, into a practice workflow. MDCS is prepared to meet all of the requisite transaction, security, and privacy obligations with as little hassle as possible.
Security
For secure transfer, MDCS uses servers with powerful industry-standard Secure Sockets Layer (SSL) encryption on all communication points to eliminate the chance of the information being decoded and to safeguard the electronic transfer of all data, the same level of security as banks and Federal transactions. MDCS adopts stringent security measures while significantly reducing the burden on office and staff of protecting computer-stored patient data from both physical access (break-ins, disgruntled employees, etc.) and electronic access (firewalls, complete network, and user security, etc.). MDCS offers a full-service secure data management solution that removes all of the above hassles and enables much easier HIPAA compliance.
The electronic data is stored in a world-class data center facility that has high security, highly secure access, 24-hour monitoring and patrolling, locked server cages, and state-of-the-art firewall protection with a robust backup system and disaster recovery planning.
Automatic Sign Off
The system will be automatically logged out after a period of inactivity, to prevent unauthorized access to patient records.
“Trust our rigorous security measures to uphold HIPAA standards and protect your sensitive health information.”
User Logging
The system automatically tracks all users logging into and out of the system for reference by a system administrator.
Audit Trail
The system permanently tracks any changes made to PHI, so those changes can be reviewed at any time by a system administrator. Privacy regulations protect the confidentiality of the patient’s individual medical information with respect to others. These privacy regulations apply to all ePHI – paper, verbal, and electronic.
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
User Roles
The system restricts access to ePHI based on administrative rights and user roles so that the electronic information is revealed only to those authorized to access it.
Consent
MDCS uses a set of patient consent management tools, including electronic form storage and automated reminders. We ensure minimum necessary access to sensitive information through role-based access authenticated by strong passwords. A comprehensive and thorough risk analysis is conducted annually by independent external auditors with expertise in security regulatory compliance to evaluate compliance with the objectives of regulations such as HIPAA and other industry standards. We thoroughly understand HIPAA regulations and relationships. As the HIPAA regulations continue to change and various deadlines arrive, MDCS will continue to follow and adopt best practices to meet the HIPAA obligations.