We at G&A realize that our clients, most of whom are healthcare claim payors, must comply with all aspects of confidentiality of patient data. We require access to numerous data elements associated with claims, including patient and provider information. As such, G&A has taken steps to ensure its compliance with both the Gramm-Leach-Bliley Act and HIPAA requirements.
Key aspects of our existing policies include, but are not limited to, the following:
All G&A employees are required to sign a confidentiality agreement with G&A. These agreements provide G&A the right to terminate employment if the confidentiality breach is deemed to be significant, harmful or damaging to G&A, its clients, and its clients' insured members. These confidentiality agreements also provide sanctions for employees as recommended by HIPAA.
All patient- and provider-specific information that we receive or generate as a result of delivering our services is treated as confidential, and it is not disclosed to those who do not have a need to view it in relation to the services we deliver to our clients. The electronic data is stored on secure computer servers and PC workstations, which require a unique user name and password to access such data.
All patient and provider information that exists in printed format is contained within designated working spaces. Information that requires mailing is secured in a sealed envelope prior to leaving G&A's premises.
All G&A Client and Vendor agreements include a Business Associate Addendum. The incorporation of this Addendum ensures that all parties involved in the use and/or disclosure of protected health information are in compliance and will remain in compliance with current HIPAA Regulations. The Addendum also outlines the procedures the parties must follow, with regard to protected health information, upon termination of their Agreements.
In relation to many significant areas of HIPAA, our compliance is as follows:
Uniform Codes And Data Transmission
G&A currently accepts data directly from our Clients. Therefore, we are able to receive and re-transmit data to our clients or other parties involved with the delivery of our services in HIPAA compliant formats. With regard to data elements, formats and definitions, we have a plan to ensure that our software is updated with the latest medical data code sets, through our partnership with various vendors and other healthcare data source providers.
We will continue to monitor the latest HIPAA news and legislation to ensure our compliance, where required and as agreed upon with our clients.
Privacy And Security
We understand the sensitivities and the seriousness associated with the privacy of healthcare data. We also understand that covered entities are required to contract with business associates that will also be handling individually identifiable healthcare data and that policies and procedures must be put in place in order to ensure the privacy and security of such data.
Therefore, the following steps have been taken:
- We have designated a Privacy Official. The Privacy Official has the responsibility for the development and implementation of HDI's policies and procedures. This position also works closely with clients to understand their requirements, and then ensure that G&A complies with them. The Privacy Official is also the person responsible for monitoring the ongoing requirements of HIPAA, if any, and is designated to receive complaints with regard to privacy compliance.
- We have established "logging" mechanisms that will document access to protected healthcare information.
- We have established training programs focused on privacy policies so that our employees learn how to appropriately handle individually identifiable health data according to HIPAA mandates.
- We have established procedures to receive and resolve complaints, plus sanctions for employees who fail to comply with privacy policies. G&A takes non-compliance with privacy policies seriously and promotes a zero-tolerance policy. We have also established physical safeguards for information, including protection around electronic processing and storage.
Contact Us
For any additional questions or concerns, please contact:
Gitter & Associates
Contract Manager/Privacy
Email: privacy@gitterassoc.com
HIPAA Websites:
http://aspe.os.dhhs.gov/admnsimp
http://www.hcfa.gov
http://www.HIPAAdvisory.com