HIPAA Preparedness Statement

Overview:

Medical Electronic Billing (MEB) appreciates and understands the major changes our healthcare industry clients are undertaking for compliance with the Health Insurance Portability and Accountability Act of 1996. HIPAA impacts all areas of the healthcare industry. While the law was designed to improve the efficiency of healthcare by standardizing the exchange of administrative and financial data, it also includes protecting the privacy, confidentiality and security of patient healthcare information (PHI). This protection extends to require the same standards and commitments from Business Associates, previously known as vendors or partners.

Medical Electronic Billing is committed to honoring HIPAA guidelines at every level of operations. We understand our duty as a responsible and conscientious business associate in the healthcare industry. We recognize that our actions are imperative in maintaining a link in the chain of trust for each of our valued healthcare clients. Medical Electronic Billing is HIPAA ready and will continue to work towards maintaining and exceeding all security and privacy regulations in accordance with both the current and future rulings.

Medical Electronic Billing wishes to highlight several of our established standards, administrative procedures, physical safeguards, technical security devices and technical security mechanisms when dealing with PHI.

Transmission/Security:

While the guidelines for the Transaction Codes and Data Elements (including the X12N version 4010) do not apply to the transmission for processing, printing and mailing of patient statements/invoices, Medical Electronic Billing has taken action to ensure that security, integrity and vulnerability are addressed and enforced.

Medical Electronic Billing constantly monitors our web security in order to protect the integrity of data transmissions. This includes the continual monitoring of user access, password changes, account modification, file uploads, file downloads, and deleted files. Medical Electronic Billing uses these systems concurrently with activity logs to audit and protect systems and data. As specified in company procedure, every log is reviewed regularly, with any anomalies or discrepancies thoroughly investigated and documented as to the cause and the resolution.

Advanced firewall technology is utilized to protect our user database from unauthorized intruders when connected to the Internet. Data entering or leaving the network must pass through this firewall, which examines each message, blocking those not meeting stringent security criteria. Medical Electronic Billing's platform also includes a high-speed wireless Internet connection. While still somewhat new to most end users, this process allows data to travel through space, vs. wires or cables, affording a more difficult avenue to intercept data.

Our FTP (File Transfer Protocol) site uses server-based Secure Sockets Layer (SSL). SSL technology provides advanced (128-bit) strong encryption tools that convert data into code before it is transmitted over the Internet. This technology also requires verifiable logon identification and passwords known only by authorized staff.

In addition to the above-mentioned security levels, Medical Electronic Billing uses protocol controls to transmit data securely by means of an Equifax Secure Server Digital ID. GeoTrust, a nationally recognized Internet security company, certifies these controls.

Once files are received from clients by any electronic means (phone modem, Internet, email, hard copy disk), strong steps are taken to restrict and protect the privacy of data from inappropriate use and disclosure.

Privacy:

HIPAA privacy guidelines are meant to protect patients' health information. While Covered Entities are required to obtain consent and authorization from an individual prior to disclosing individual PHI, Medical Electronic Billing continues to illustrate our business associate commitment. We have the following procedures in place to act in accordance with HIPAA privacy issues:

Access to any data is limited to authorized personnel with a 'minimum need to know' standard. State-of-the-art internal firewalls are used to restrict unauthorized personnel from inadvertently accessing patient data. Only personnel directly involved with processing patient statements have access to data files.

Data received from our clients is used solely for client-directed projects as they relate to processing, printing and mailing of patient billing statements. Data is solely the property of each client and is never duplicated, extrapolated, sold, transmitted to a third party, or manipulated in any way. Any and all exceptions require the express written authorization and specific instructions from an Officer of the client's organization.

Any misprints, hardcopy test files, spoilage, or reprints are destroyed on site in a secure environment. Medical Electronic Billing has shredding services provided by Shred-It, a nationally recognized and bonded document recycling company. All data deemed for shredding is stored in a secure locked container located on site. Strict guidelines are in place regarding supervision and destruction of the contents.

To reinforce the confidentiality of all data, Medical Electronic Billing has each employee sign a confidentiality agreement. Under terms of the agreement, all employees agree not to use, publish or disclose, or permit others to use, publish or disclose, any confidential information they may come in contact with. Violation of this agreement warrants immediate termination.

Regularly scheduled staff meetings include agenda items discussing confidentiality and our commitment to exceed all federal, state and local privacy guidelines. These staff meetings, along with ongoing training, ensure each staff member understands, validates and exemplifies our commitment to our clients.

For more information, please contact:

Marty Bielecki
HIPAA Compliance Officer
1-800-968-5798 x40