HIPAA Compliance  Committment
In light of recent media attention related to HIPAA Security,  EMS|MC would like to reiterate our dedication to protecting your agency  against unauthorized data breaches. At EMS|MC, we are committed to  protecting the privacy and security of your patient’s protected health  information in accordance with HIPAA and HITECH Regulations as well as the  Identity Theft/Red Flag Compliance. We understand the importance of these  protections and it is our priority to maintain your trust in our  relationship.
In compliance with these Privacy and Security Regulations,  EMS|MC has extensive policies and procedures to adhere to these  guidelines. EMS|MC maintains a comprehensive Compliance Program with  policies and procedures that include, but are not limited to:
- NISTÂ 800-66 Compliant
- SSAEÂ 16 and SAS 70 Type 1 and 2 Certified
- Designated Chief Compliance Officer, Compliance Manager, and IT Security Officer       oversee all compliance related activities
- Corporate Compliance Committee meets monthly to discuss compliance related       inquiries, identify risk areas, and develop compliance policies.
- Annual Mandatory Compliance Training and Education Programs with signed       acknowledgement of understanding and commitment for all employees
- Employment Background Checks, Criminal History Checks, and OIG Exclusion Database       Verifications for all employees
- Signed Employee Confidentiality Agreement, Confidentiality and Dissemination of       Confidentiality Attestation Statement, and Compliance Code of Conduct
- User defined profiles limiting access to minimum use necessary based on roles and responsibilities
- Data Destruction Policies for all sources of PHI to include paper, electronic, and/or hardware devices
- Secure Work Environment with key fob entry system, building security alarm system, and locked offices, storage areas and other areas in which PHIÂ may be stored.
- Data Disaster Recovery Plan and Data Backup Policies
- Secure Network and Email Encryption with Virus and Firewall Protection
- Secure  FTP for sharing files with clients and external partners
- Contracts, Compliance Program and Business Associates Agreements with all vendors       and subcontractors
- Prohibited printing capabilities from VPN, Citrix and Telecommuting Systems
- Ongoing monitoring of account access maintained through a history log of users       accessing and/or modifying accounts
- Breach Notification Policy to immediately notify patients when their data may have been compromised
- PCI Compliance to ensure that credit card information is not stored after the transaction has been completed
- Red Flag Policy that identifies and notifies patients that may be victims of identity theft
The above policies are maintained by our Chief Compliance Officer and are available upon request. If you have any questions related to HIPAA Privacy and Security or EMS|MC Policies and Procedures,  please contact our Chief Compliance Officer at (336) 766-4448.
|