HIPAA Compliance
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. See below for our compliance with HIPAA standards. There are mandatory standards for HIPAA compliance marked by (Required), and voluntary standards marked by (Optional) that SenSights is striving for compliance.
Updated August 1st, 2020
The following list will follow in the format of:
Standard Name
Standard Description
Standard
Description
Compliance
Unique User Identification
(Required) Assign a unique name and/or number for identifying and tracking user identity
Automatic Log off
(Optional) Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity
Authentication
(Required) Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed
Encryption and Decryption
(Required) Implement a mechanism to encrypt and decrypt ePHI.
Integrity Controls
(Optional) Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of
Encryption
(Optional) Implement a mechanism to encrypt ePHI whenever deemed appropriate
Audit Controls
(Required) Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI
Contingency Operations
(Optional) Establish (and implement as needed) procedures that allow facility access in support of data restoration under the disaster recovery and emergency operations plan in the event of an emergency
Facility Security Plan
(Optional) Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft
Access Control and Validation Procedures
(Optional) Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision
Disposal
(Required) Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.
Media Re-Use
(Required) Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.
Accountability
(Optional) Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
Data Backup and Storage
(Required) Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.
Emergency Access Procedures
(Required) Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency
Not Applicable Compliance