ZenniMate Healthcare maintains full compliance with HIPAA and HITECH regulations.
The company implements a range of measures to meet the rigorous requirements of these essential data privacy and security standards.
1. On-Site Entry
- Access to the facility is controlled through biometric systems and proximity cards.
- All staff are issued photo ID cards, which must be worn at all times while on site.
- Access logs are regularly reviewed and audited to detect any unauthorized entry attempts.
- Access is assigned based on the least-privilege principle, tailored to each employee’s role.
2. Protection
- Security staff are on duty around the clock and are stationed at every entry and exit point of the facility.
- Visitor information, including their name, time of entry and exit, contact person, ID proof, signature, and visit purpose, is recorded in a dedicated register.
- The physical register is kept for at least 10 years.
3. Service Provider Access
- Service providers must sign a confidentiality agreement before entering sensitive areas like the data/network center and power supply control room.
- Service Providers are accompanied by security personnel and are constantly supervised by either an employee or security staff.
4. Personal Belongings
- Please note that backpacks and any other types of bags are not permitted inside the facility. All bags must be stored in the locker boxes located outside the production area.
5. Mobile Device Operation
- Only authorized managers are permitted to use mobile phones on the premises.
- All other employees must leave their phones in the locker box before entering the facility.
6. Network and System Engagement
- A directory service creates unique user IDs for each person.
- Storage device access is managed through domain group policies on Windows systems.
- Password rules are strict, including requirements for how often they must be changed, their complexity, account lockout settings, length, and history.
- Access to shared drives is controlled through group policies.
- USB drives and other external storage devices are blocked on workstations.
- Only authorized employees are allowed to use printers.
- There are no wireless access points installed in the facility.
7. Observing
- The security team will conduct random daily reviews of the recorded footage.
- CCTV cameras will monitor and record all entry and exit points, as well as the production floor.
- Recordings are stored on the central DVR’s internal hard drive for six months before being backed up to an external storage device.
8. VPN (Virtual Private Network)
- Access to the internal network is restricted to authorized employees through client-to-site VPN connections.
- Site-to-site IPSec VPN tunnels securely connect to client networks.
- Authorized employees are verified using the directory system’s authentication service.
- Site-to-site VPN connections are secured by gateway IP addresses set up in both the facility and the client’s firewalls.
9. Firewall
- A high-quality Unified Threat Management (UTM) system is used to filter network traffic.
- Internet traffic is controlled using filters for content, URLs, and applications.
- Ports are mapped to manage traffic between Virtual LANs and from outside networks.
- The firewall is set to block all traffic between networks by default, unless specific rules allow certain ports and services.
- Network Address Translation (NAT) hides internal servers from outside view.
- Firewall logs are kept for three months and then stored for one year.
- The UTM system includes an Intrusion Prevention System (IPS) as part of its firewall.
- IPS services are updated in real-time, and licenses are renewed every year.
10. Virus & Malware Protection
- A central anti-malware system is set up to guard against viruses and other types of malware.
- Virus definitions and security patches are updated automatically.
- A gateway firewall adds extra protection against malware attacks from outside.
- A centralized system manages and applies operating system updates and security patches to ensure all systems are kept up-to-date and secure.
11. Duplicate Resource Control
- We have a backup network system in place that ensures full redundancy.
- Two internet service providers (ISPs) are set up to work simultaneously.
- We have a 130 KVA UPS and a 750 KVA diesel generator for power backup.
- All our servers and network equipment are supported by a 22 KVA rack-mounted UPS system.
12. Additional Security Precautions
- Fire extinguishers are located in important spots throughout the building.
- Fire drills are held every six months to check how well our fire safety procedures work.
Why is Adhering to HIPAA Regulations Crucial in Medical Billing?
Medical Billing companies have access to patients’ medical and billing information, which is legally protected under HIPAA. To ensure full security, a HIPAA-compliant staffing company must invest substantially in hardware and software. However, this compliance enhances customer trust in their services. It assures the public and affiliated practices of the company’s strong commitment to protecting patient privacy and confidentiality.