Privacy and Security Practices
The Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of the American Recovery and Reinvestment Act of 2009 (ARRA) have extended the administrative, physical, and technical safeguards, and policy, procedure, and documentation requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") to business associates of a covered entity.
The National Perinatal Information Center/Quality Analytic Services (NPIC/QAS), in its capacity as a Business Associate, is committed to ensuring the privacy and security of our customers' protected health information ("PHI") in a manner compliant with the legal obligations imposed by HIPAA. NPIC/QAS follows strict guidelines and policies to ensure compliance with administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of any PHI data collected or maintained.
Statement of Privacy and Security Practices
- Appointed a HIPAA Officer to manage responsibilities related to HIPAA regulatory requirements.
- Use industry standards and best practices to safeguard and protect data from loss, misuse or unauthorized access, disclosure, alteration and destruction.
- Maintain an unwavering commitment to infrastructure monitoring, upgrades and technical staff training to ensure technologies meet regulatory standards.
- Perform routine review of risk and procedures to assess systems and processes against evolving technologies and threats.
- Require employee agreements regarding privacy, confidentiality and appropriate use of network and email practices.
- Conduct an employee training and awareness program emphasizing HIPAA privacy and security compliance.
- Perform employee background checks and a thorough review of competencies to ensure professional and industry standards are met.
- Maintain a Business Continuity and Disaster Recovery Plan to minimize operational downtime. Recovery assurance is provided by automated data backup to secure offsite storage.
- Ensure HIPAA-compliant administrative policies governing the appropriate use, transmission, protection, disposal, and incident reporting of PHI data collected or maintained.