HIPAA COMPLIANCE

At Sigma RCM, we are dedicated to protecting the privacy and security of our clients' protected health information (PHI). In compliance with the Health Insurance Portability and Accountability Act (HIPAA), we have implemented comprehensive policies and procedures to safeguard PHI. Our commitment to HIPAA compliance ensures that we maintain the highest standards of data protection and confidentiality.

Administrative Safeguards
Security Management Process: We implement robust policies and procedures to prevent, detect, contain, and correct security violations. Regular risk assessments are conducted to identify and mitigate potential threats.
Assigned Security Responsibility: A designated security official is responsible for the development and implementation of our security policies and procedures.
Workforce Security: Access to PHI is strictly limited to authorized personnel. Background checks and regular training sessions are conducted to ensure compliance.
Information Access Management: Policies are in place to authorize and monitor access to PHI, ensuring only necessary and appropriate access.
Security Awareness and Training: All workforce members receive ongoing training on security policies and procedures related to PHI.
Security Incident Procedures: We have established procedures to promptly address and manage security incidents.
Contingency Plan: A comprehensive contingency plan is in place to respond to emergencies and ensure the protection of PHI.
Evaluation: Regular evaluations are conducted to review and improve our security policies and procedures.
Business Associate Contracts: We ensure that all business associates comply with HIPAA regulations through proper agreements and regular audits.

Policies and Procedures and Documentation Requirements
Policies and Procedures: We maintain comprehensive, written policies and procedures to comply with HIPAA standards and specifications.
Documentation: All actions, activities, and assessments required by HIPAA are documented and maintained as per regulatory requirements.

Physical Safeguards
Facility Access Controls: Policies are in place to limit physical access to our facilities and electronic systems containing PHI.
Workstation Use: Guidelines specify the proper use of workstations to ensure the security of PHI.
Workstation Security: Physical safeguards are implemented for all workstations accessing PHI.
Device and Media Controls: Policies govern the receipt, removal, and disposal of hardware and electronic media containing PHI to prevent unauthorized access.

Technical Safeguards
Access Control: Technical policies and procedures are in place to ensure that only authorized individuals can access PHI.
Audit Controls: Mechanisms are implemented to record and examine access and activity in information systems containing PHI.
Integrity Controls: Policies and procedures are established to protect PHI from improper alteration or destruction.
Person or Entity Authentication: Verification processes ensure that individuals seeking access to PHI are authenticated.
Transmission Security: Technical security measures guard against unauthorized access to PHI during electronic transmission.

Organizational Requirements
Business Associate Contracts: All business associates are required to comply with HIPAA rules and safeguard PHI through binding agreements.
Group Health Plans: Our group health plans adhere to HIPAA requirements, ensuring compliance and protection of PHI.

Commitment to Continuous Improvement

Sigma RCM is committed to maintaining and continuously improving our HIPAA compliance efforts. We regularly review and update our policies and procedures to align with evolving regulations and technological advancements. Our dedication to protecting PHI reflects our commitment to the privacy and security of the health information we manage.

For any questions or concerns regarding our HIPAA compliance policy, please contact our HIPAA compliance officer at compliance@sigmarcm.com.

 
