HIPAA AND WHY IT MATTERS
Major sections of The Health Insurance Portability and Accountability Act of 1996 (HIPAA) were enacted by the United States Congress to protect the privacy and security of an individual’s personal health information (PHI), including physicians’ and health care providers’ records.
Westside Copymaster is a HIPAA Business Associate operating under the Standards for Privacy of Individually Identifiable Health Information, 45 CFR Part 160 and Part 164.
As a HIPAA Business Associate, Westside Copymaster and all its employees have a business and personal responsibility to comply with the law, following specific guidelines to ensure the privacy of our customers’ clients and the security of medical records we are contracted to procure on their behalf. Any intentional or unintentional violation of Westside Copymaster’s privacy policies will be critically examined and may result in termination of the employee.
All employees are required to attend HIPAA training at the commencement of their employment by Westside Copymaster and must, at all times, have access to the Westside Copymaster HIPAA Guidebook. The Guidebook contains instructions, scripts, minimum information disclosure and security/privacy guidelines for each step of the Attending Physician Statements (APS) records retrieval and transmittal process.
MANAGEMENT OVERSIGHT AND POLICY ENFORCEMENT
A senior staff member called a Case Manager, with at least 3 years of APS records procurement and transmittal training and experience, is assigned to supervise the APS records request process for each and every case. Each Case Manager must be familiar with:
- Minimum information disclosure rules
- Proper information security rules
- Proper document request verification and validation rules
- Secure document transmittal and verification rules
The Case Manager is responsible for ensuring that all call center employees responsible for contacting physicians regarding records requests by phone, fax or secure electronic communication comply with HIPAA privacy rules, following Westside Copymaster’s policies for minimum information disclosure of a patient’s personal information, communicating only the minimum necessary information to verify the patient and physician’s identities.
The Case Manager is also responsible for supervising all field staff responsible for duplicating and/or digitizing records on-site at physicians’ and health service providers’ facilities, ensuring that copies are made ONLY to meet the requestors’ needs and that they are properly sealed and/or secured to ensure the privacy and confidentiality of patient information and records.
Before any records request is processed, case managers must ensure that:
- A records request has been completed by an authorized representative of the customer’s organization, and that their identity has been verified.
- A HIPAA-compliant Authorization for Release of Health Information has been completed by the person whose records are being requested.
- The form must be signed by the person whose records are being requested, and Westside Copymaster must have a copy of the signed form on file with the records request before the record holder(s) is contacted.
While a records request is being processed, case managers must ensure that:
- No information regarding the status of a records request is disclosed other than to an authorized party whose identity has been verified.
- We cooperate with any authorized party to determine the status of a records request, and to provide those records in a timely manner.
During final records transmittal, case managers must ensure that:
- Only the minimum number of copies necessary to fulfill the records request are retained by Westside Copymaster.
- All duplicates or extraordinary copies are destroyed.
- Records are transmitted only to authorized recipients and receipt of records is verified.
APS DIRECT SYSTEM SECURITY AND ELECTRONIC RECORDS RETENTION POLICIES
Westside Copymaster’s APS Direct system is for the use of authorized Westside Copymaster personnel, customers and their authorized agents only. No other personnel, visitors or guests are to be allowed to view or use APS Direct workstations. All work on and use of the APS Direct system is to be conducted on the Westside Copymaster premises. Use of home computers or other off-premises equipment to access APS Direct is strictly prohibited.
All electronic communication is conducted using at least 128-bit secure SSL encryption and all on-line and off-line electronic records are stored in secure, encrypted form.
Customers and their authorized agents must provide adequate information for Westside Copymaster to verify their identity. Credentials for accessing APS Direct can only be issued by Westside Copymaster. Customers and their authorized agents are responsible for ensuring that only authorized personnel use log-in credentials (username and password combinations) provided by Westside Copymaster for accessing APS Direct, and for ensuring that their record handling, information disclosure and information handling policies are HIPAA compliant.
Westside Copymaster is not responsible for compliance oversights and breaches by its customers, their authorized agents, physicians, health care facilities and other record holders.
Westside Copymaster’s general business policy is to use the utmost personal, physical and electronic data security to maximize the security of an individual’s APS records while under our responsibility and control.
Westside Copymaster HIPAA Compliance Officer: Steve Lam, CEO