HIPAA/HITECH Act Compliance Policy
Green Medical Solutions, LLC (GMS) operations meet or exceed HIPAA and HITECH Act standards designed to protect the security and privacy of Protected Health Information (PHI). Our platform provides a HIPAA-compliant environment for health care providers (HIPAA-covered entities) to generate electronic medical record documents and manage patient information.
“HIPAA” is the Health Insurance Portability and Accountability Act, a Federal law that assists employees who change jobs by limiting the extent to which their new employers’ health plans can establish barriers that delay or prevent the employees from becoming fully covered under the plan. HIPAA gives the U.S. Department of Health and Human Services (HHS) the authority to mandate the use of standards for exchange of health care data, specify which medical and administrative code sets should be used within those standards, require the use of national identification systems for health care patients, providers, payers (or plans), and employers (or sponsors), and specify the types of measures required to protect the security and privacy of personally identifiable health care information.
“HITECH Act” is the Health Information Technology for Economic and Clinical Health (HITECH) Act, a part of the American Recovery and Reinvestment Act of 2009 (ARRA). This broad economic stimulus package includes incentives related to general health care information technology such as the creation of a national health care infrastructure and incentives to accelerate adoption of electronic health records among health care providers. Because this legislation anticipated a massive expansion in the exchange of electronic protected health information (ePHI), the HITECH Act also widened the scope of privacy and security protections under HIPAA, increased potential legal liability for non-compliance, and provided for more enforcement.
“Protected Health Information (PHI)” is all individually identifiable health information in any form or media. This includes demographic information such as name, address, and phone number; information related to the past, present, or future physical or mental health conditions of an individual and/or the provision of health care; payment information; and any information that identifies an individual or for which there is a reasonable basis to believe it can be used to identify an individual.
“Business Associate” is a person who, other than in the capacity of a member of the workforce of the Licensee, performs or assists in the performance of a function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing, or any other function or activity regulated by HIPAA. Business Associates are legally bound to the same HIPAA standards as covered entities.
GMS Commitment to Privacy and Security. GMS utilizes a variety of measures to receive, transmit, and maintain the integrity, safety, and security of all confidential information:
- Key-based authentication for access to virtual servers, using 2048-bit RSA key pairs (private and public keys), each with a unique identifier, to facilitate secure access.
- Secure Sockets Layer (SSL) 256-bit AES encryption algorithms to protect data during electronic transmission.
- The databases of the payment gateway and database application providers are SAS 70 Type II Certified and ISO 27001 Security Certified.
- Internal physical and electronic security restrictions to limit data access.
- Automatic creation and storage of multiple redundant copies in separate data centers.
- Auditing capabilities.
- Data back-up procedures.
- Disaster recovery mechanisms.
Independent Responsibility. Health care providers who utilize GMS products and services, and their employees and Business Associates (including GMS), have an independent responsibility to comply with all HIPAA and HITECH Act provisions. This includes the ongoing care and protection of any and all patient documents created utilizing the GMS platform.