HIPAA Compliance

Safeguarding Protected Health Information (PHI)

snapscale¹, is considered a Business Associate, which is an organization that performs a function or activity involving the use or disclosure of Protected Health Information (PHI) on behalf of a covered entity but is not part of the covered entity’s workforce. When business associates are involved in the use or disclosure of PHI while performing a function on behalf of a covered entity, we adhere to the same standards for safeguarding PHI as the covered entity.

PHI Confidentiality and Training

We will only use PHI given to us by a covered entity (healthcare provider) in accordance with the specific use and purpose specified in the Business Associate Agreement with the covered entity. All members of our workforce who are likely to come into contact with PHI are given HIPAA awareness training and are trained in this organization’s policies and procedures with respect to PHI.

It is the policy of our organization to take appropriate steps to promote compliance with the requirements for maintaining the confidentiality of PHI. Our organization takes its requirements under HIPAA seriously to protect the confidentiality of PHI and will respond appropriately to violations of HIPAA policies.

Safegaurds

Our organization will not use or further disclose protected health information other than as permitted under the contract or as required by law. We use appropriate safeguards to prevent the use or disclosure of protected health information other than what is provided by the agreement, such as:

A firewall was installed to protect against unauthorized intrusion.
A virus detection system was implemented, including a procedure to ensure that the virus detection software is maintained and updated.
Use of the Internet via our network is not permitted for personal use.
All systems require a valid user ID and password. Users are not permitted to allow other persons or entities to use their unique user ID and password, smart card, or other authentication information.
Users log off the system before going to lunch, taking breaks, and when they end their shift for the day.
All terminals have a password-protected screen saver that will be activated after five minutes of inactivity and automatic logoff of systems after 15 min of inactivity.

All users change their passwords at least every THREE months.
After three unsuccessful attempts to enter a password, the user ID will be suspended until reset by our system administrator.
Upon termination, all passwords for the employee will be immediately changed or deactivated.
Passwords will be changed immediately in the event of a suspected or actual password breach.
All mobile phones are stored in a locked locker to prevent unauthorized use.
The office is locked, where the workstations are contained, when not in use.

Members

The following members of our organization serve as our HIPAA Security, Compliance, and Technology officers:

David Justus

Vice President of Operations

HIPAA Security Officer

Amy Cohen

Director of Engagement

HIPAA Compliance Officer

Nic Ancho

Healthcare VA Team Leader

Assistant HIPAA Compliance Officer

Albert Yoshida

Country Manager (PH)

HIPAA Technology Office

1 - Brobizco, LLC dba snapscale (Brobizco, LLC is snapscale's parent company and legal authority.)

snapscale Articles and Guides