Dataworks Development Inc. and the Health Insurance Portability and Accountability Act (HIPAA)
HIPAA and the HITECH Act
In alignment with the Health Insurance Portability and Accountability Act of 1996 and the HIPAA Omnibus Final Rule of 2013, Dataworks Development has continued to strive toward providing products that assist customers in their efforts to protect patient’s privacy.
In February of 2003 The Department of Health and Human Services released Health Insurance Reform, Security Standards, and the Final Rule for 45 CFR Parts 160, 162, and 164 including: transactions and code set standards, identifier standards, privacy rule, security rule, enforcement rule, and breach notification rule. Freezerworks® products align with all requirements set forth in the Final Rule.
The Health Information Technology for Economic and Clinical Health Act (HITECH) was enacted in February of 2009 as part of the American Recovery and Reinvestment Act. The HITECH Act deals specifically with health information technology and includes a new breach notification rule. Customers can rest assured that Freezerworks® products will make HITECH and HIPAA compliance easier.
Freezerworks® Assists with Security Standards
45 CFR Part 164 (Security and Privacy) delineates many standards for covered entities regarding the safeguarding of electronic protected health information (PHI). Freezerworks® products provide customers with workforce security in implementing Administrative Safeguards [Section 164.308] as well as Technical Safeguards [Section 164.312].
Freezerworks® contains features to safeguard all data. Unique user names and passwords prevent unauthorized personnel from entering a database. The system administrator is able to designate permission levels for sample records and views ensuring PHI is only seen by necessary users. All Freezerworks® products further control unwanted access to data by allowing the optional use of SSL encryption in transmission of data.
With the release of Freezerworks 2015, the viewing of PHI will be strictly controlled and documented in a non-editable audit trail.
Edits can be set by the System Administrator for each User-Defined Field. These edits limit and check data entry or manipulation with choice lists, uniqueness checks, value ranges, data type checks, and other criteria.
Contact Dataworks for more information on how Freezerworks® can assist your company with following HIPAA standards and protecting your data.
Dataworks as a Business Associate
During routine software maintenance, it may be necessary for Dataworks to view, receive, maintain, or transmit customer data that could include protected health information. HIPAA standards describe this as a “Business Associate” relationship. The HITECH Act and HIPAA Omnibus Final Rule of 2013 have extended requirements and penalties to include business associates. To assist customers with HIPAA compliance, Dataworks routinely cooperates with institutions in executing Business Associate Agreements.
Dataworks has implemented appropriate security measures to protect the confidentiality, integrity, availability and viability of any customer data it comes in contact with. Every employee and subcontractor is required to sign Dataworks’ Non-Disclosure Policy regarding customer data, preventing them from disclosing any data content. Additional policies, procedures, and internal audits include multiple safeguards for viewing or manipulating customer data. Customer data files are only viewed or transmitted using secure networking tools. All data files are returned and/or destroyed once maintenance issues have been solved. No backup copies are retained.
In the unlikely event a security breach is detected, covered entities will be notified within 48 hours.