The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to safeguard the integrity, confidentiality, and availability of the patient's Protected Health Information (PHI). Although software vendors are not considered to be Covered Entities, health care providers need to make sure that software used in the storage and maintenance of PHI allows the Covered Entity to be compliant. emsCharts, as an Application Service Provider (ASP), takes a more involved role than the typical software vendor. Since PHI is stored on remote servers, and information is transmitted over public networks such as the Internet, we take on part of the responsibility of maintaining PHI on behalf of the customer, and as such become their Business Associate.
45 CFR Part 142: Security and Electronic Signature Standards
emsCharts operates as a central repository of PHI and allows access to this information through a web-based interface. Most HIPAA compliance concerns from customers are associated with the use of the Internet and remotely located databases. Part 142 outlines security measures that must be in place in the form of Administrative Processes, Physical Safeguards, Technical Security Services, and Technical Mechanisms. emsCharts has taken sufficient measures to comply with all requirements of 45 CFR Part 142.
45 CFR Parts 160 and 164: Standards for Privacy of Individually Identifiable Health Information
The majority of Parts 160 and 164 apply to the creation of administrative policies and procedures for the Covered Entity. To assist in this process, the emsCharts suite of products contains features such as those listed below:
- Access Audit Trail
- Tracking of Notice of Privacy Practices (including revisions)
- Role-based security access
- Data maintenance and disaster recovery
- Policy and Procedures online
- Online seminars - services can provide HIPAA seminars for recurrent and initial training.