HIPAA Compliant
At Med Billing Specialists (MBS), we prioritize the privacy and security of protected health information (PHI). As a medical billing company, we are committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) regulations, ensuring that our clients’ sensitive information is safeguarded.
What is HIPAA?
HIPAA is a federal law that sets national standards to protect individuals’ medical records and personal health information. It applies to health plans, healthcare clearinghouses, and healthcare providers who transmit health information electronically. The law aims to ensure that individuals’ health information is kept private and secure, while also allowing for the flow of health information needed to provide high-quality healthcare.
HIPAA Compliance Efforts
We have implemented the following measures to ensure HIPAA compliance:
- Privacy Policy: We have developed a comprehensive privacy policy that explains how we handle PHI, including how it is collected, used, and disclosed. Our privacy policy is available to our clients and employees, and we review and update it regularly to ensure it remains effective.
- Security Measures: We use administrative, technical, and physical safeguards to protect PHI from unauthorized access, disclosure, or use. These measures include:
  - Firewalls and intrusion detection systems to protect against cyber threats
  - Encryption of PHI in transit and at rest
  - Secure authentication and authorization protocols
  - Regular security updates and patches
  - Limited access to PHI based on job responsibilities
  - Audit logs and monitoring to detect and respond to security incidents
- Employee Training: Our employees undergo regular training on HIPAA regulations and our privacy and security policies. We provide training on:
  - HIPAA privacy and security rules
  - Our privacy and security policies and procedures
  - How to handle PHI securely
  - How to report security incidents
- Business Associate Agreements: We enter into Business Associate Agreements (BAAs) with our vendors and subcontractors to ensure they also comply with HIPAA regulations. Our BAAs require vendors to:
  - Protect PHI in the same way we do
  - Report security incidents to us
  - Allow us to audit their security practices
- Risk Assessments: We conduct regular risk assessments to identify potential vulnerabilities and implement measures to mitigate them. Our risk assessments include:
  - Identifying potential security threats
  - Assessing the likelihood and potential impact of each threat
  - Implementing measures to reduce the risk of each threat
- Incident Response Plan: We have an incident response plan in place in case of a breach or unauthorized disclosure of PHI. Our plan includes:
  - Procedures for reporting and responding to security incidents
  - Protocols for containing and mitigating the effects of a security incident
  - Requirements for notifying affected individuals and regulatory authorities
HIPAA Security Rule
We comply with the HIPAA Security Rule, which requires us to:
- Ensure Confidentiality: Protect PHI from unauthorized access, disclosure, or use.
- Ensure Integrity: Protect PHI from alteration or destruction.
- Ensure Availability: Ensure PHI is accessible and usable when needed.
We implement the following security measures to meet these requirements:
- Access Controls: We limit access to PHI based on job responsibilities and use secure authentication and authorization protocols.
- Audit Controls: We maintain audit logs and monitoring to detect and respond to security incidents.
- Integrity Controls: We use digital signatures and checksums to ensure the integrity of PHI.
- Transmission Security: We use encryption and secure protocols to protect PHI in transit.
HIPAA Privacy Rule
We comply with the HIPAA Privacy Rule, which requires us to:
- Limit Uses and Disclosures: Only use and disclose PHI for authorized purposes.
- Provide Patient Rights: Provide patients with rights, such as the right to access, amend, and restrict disclosure of their PHI.
We implement the following privacy measures to meet these requirements:
- Notice of Privacy Practices: We provide a notice of privacy practices to our clients, explaining how we use and disclose PHI.
- Authorization: We obtain authorization from clients before using or disclosing PHI for purposes other than treatment, payment, or healthcare operations.
- Access: We provide clients with access to their PHI upon request.
- Amendment: We allow clients to amend their PHI if it is inaccurate or incomplete.
- Disclosure Accounting: We maintain a record of disclosures of PHI and provide clients with an accounting of disclosures upon request.
HIPAA Compliance Certification
We have obtained HIPAA compliance certification from a third-party auditor, demonstrating our commitment to protecting PHI and meeting HIPAA regulations. Our certification is based on a thorough review of our privacy and security policies, procedures, and practices.
Ongoing Compliance Efforts
We recognize that HIPAA compliance is an ongoing process. We regularly review and update our privacy and security policies and procedures to ensure they remain effective and compliant with changing regulations. Our ongoing compliance efforts include:
- Regular Risk Assessments: We conduct regular risk assessments to identify potential vulnerabilities and implement measures to mitigate them.
- Employee Training: We provide regular training and updates to our employees on HIPAA regulations and our privacy and security policies.
- Security Updates: We implement regular security updates and patches to protect against emerging threats.
- Compliance Monitoring: We regularly monitor our compliance with HIPAA regulations and update our policies and procedures as needed.
- Incident Response Plan: We regularly review and update our incident response plan to ensure it remains effective in case of a security incident.
Patient Rights
We respect our patients’ rights under HIPAA, including:
- Right to Access: Patients have the right to access their PHI upon request.
- Right to Amend: Patients have the right to amend their PHI if it is inaccurate or incomplete.
- Right to Disclosure Accounting: Patients have the right to an accounting of disclosures of their PHI.
- Right to Request Restrictions: Patients have the right to request restrictions on the use and disclosure of their PHI.
- Right to File a Complaint: Patients have the right to file a complaint with us or the Secretary of the U.S. Department of Health and Human Services if they believe their privacy rights have been violated.
Contact Us
If you have questions about our HIPAA compliance or privacy and security practices, please contact us at [contact information].
By entrusting us with your medical billing needs, you can be confident that your PHI is protected and secure. We are committed to maintaining the privacy and security of your PHI and complying with HIPAA regulations.