The Health Insurance Portability and Accountability Act (HIPAA) and SOC 1 Type 2 define the policies, procedures, and processes that Postal Methods follows when it stores, processes, or handles electronic protected health information (ePHI).
At Postal Methods we take our responsibilities for customer and patient confidentiality very seriously and have dedicated both resources and time to training our workforce and to developing and implementing every component of our HIPAA Compliance Program.
To comply with HIPAA and SOC 1 Type 2, we have the required safeguards in place to protect ePHI and can demonstrate HIPAA compliance to our clients:
- Postal Methods has developed and implemented a comprehensive HIPAA Compliance Program following the HIPAA Privacy Rule and HIPAA Security Rule, focusing on the administrative, physical, and technical safeguards of the Security Rule as they apply to any risk associated with the use of PHI in our business.
- Postal Methods has a designated HIPAA Privacy and Security Compliance Officer.
- Postal Methods provides annual HIPAA training to every member of our staff, including new hires.
- Postal Methods has a formally established Employee Sanctions Policy that applies should any HIPAA compliance violation occur.
- Postal Methods maintains technical safeguards including tight access controls, integrity procedures, firewalls, information system activity monitoring and other audit mechanisms that record access to information systems that use ePHI, encryption, automatic logoff, password management procedures, and VPN tunnels.
- Postal Methods has conducted a formal risk assessment to identify and document every area of risk associated with the storage, transmission, and processing of ePHI, and has analyzed the use of our administrative, physical, and technical controls to eliminate or manage vulnerabilities that could be exploited by internal or external threats.
- Postal Methods restricts access to ePHI.
We are Dedicated to:
- Ensuring we are compliant with the regulatory requirements of HIPAA
- Continuing to develop our safeguards to prevent unauthorized access to PHI
- Adhering to the requirement to encrypt PHI
- Maintaining PHI in a secure environment
- Monitoring access to both the secure environment and the data
Our HIPAA policies include, but are not limited to, the following key areas:
- Security Management Policy
- Risk Analysis Policy
- Risk Management Policy
- HIPAA Compliance Officer Job Description
- Workforce Security Policy
- Authorization and Supervision of Workforce Procedure
- ePHI Access Authorization Procedure
- Termination Procedure
- Business Associate Policy
- Information Access Management
- Access to ePHI Modification
- Security Awareness Training
- Security Training
- Password Management
- Oral Disclosures of PHI
- Security Incident Procedures
- Incident Investigation Procedure
- Contingency Plan
- Backup Plan
- Disaster Recovery Plan
- Emergency Mode Operation
- Applications and Criticality Analysis
- Evaluation of the HIPAA policies and procedures
- Business Associates
- Physical Safeguards Standards and Policy
- Workstation Use
- Device and Media Controls
- Disposal of ePHI
- Media Re-Use
- Data Backup and Storage
- Technical Safeguards Standards Policy
- Access Control
- Unique User Identification
- Emergency Access Procedure
- Automatic Logoff
- Antivirus and Firewalls
- VPN Protocol
- Additional Safeguards Employed
- Access Control
- Audit Controls
- Sanctions Policy
We are Confident that Our Comprehensive HIPAA Policies and Procedures Will:
- Ensure the confidentiality, integrity, and availability of all ePHI we receive, maintain, or transmit
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Protect against reasonably anticipated, impermissible uses or disclosures
- Ensure compliance by our workforce