HIPAA Compliance & Data Security
-HIPAA Compliance Statement-
Hexa takes painstaking measures to protect all information related to patients. Our internal procedures for privacy and security meet and exceed all HIPAA regulations related to Electronic Transmission of Patient Information.
Access to our facilities is controlled by key entry only. Only authorized staff who are fully aware of and trained in the HIPAA Privacy requirements will be issued access.
- 128-bit SSL-secured and redundant platform for online accounts.
- Personalized Account login ID and Password authentication for online account access.
- HIPAA compliant secured email account provided for all accounts for transferring any PHI.
- We use an ICSA-certified firewall and filter incoming ports, allowing only FTP and management ports for administrative access into our system.
- Our network performs Network Address Translation (NAT) and addresses cannot be routed without traversing the firewall.
- When our FTP Server is accessed with any FTP Client that also supports SSL, all files are encrypted while being sent across the Internet. This means that anyone intercepting data while it is being transferred from our server to your computer could not interpret or decode it.
- To access any data from our FTP Server, a valid username and password are required.
- Communication of PHI or other confidential information using secured email.
- Access to our network is limited by auto-logoff, ID/password protection, password-protected screensavers, and a security-enabled OS (HP computers with Windows 2008 Server and Windows 7 desktops).
- Only fully trained staff have access to the server and billing software for support and maintenance.
- We will not provide access to any files on our system to any person other than those authorized by the originator of the dictation.
- We will not release any files directly to a patient.
- The responsibility for enabling patients to control their health records, including access, disclosures, the 'minimum necessary' standard, consent and authorization, etc., resides with the medical professional who initiated that document.