Rapid Care has simple but strict policies and procedures written down for HIPAA compliance, which are discussed here.
Data Security
Sensitive documents are kept under the custody of Senior Management.
Copying of sensitive documents is controlled by Senior Management.
Sensitive documents, that are not required, are immediately shredded.
Handling of documents is done in strict adherence to the company’s document control system, which is executed as per the highest quality standards.
Data Access
We use domain level authentication & ensure that only authorized privileges are given; this allows us to monitor access within the network.
All activities related to User ID creation and access granting are done by the System Administrator only.
User IDs are only created based on the request of duly authorized personnel.
User IDs are deleted /disabled immediately after employee separation, which is followed by a clearance form duly authorized by the Project Manager.
Privacy
Each employee signs a non-disclosure agreement with the company at the time of joining. This pertains to any information that is not available on the public domain. The importance of a non-disclosure agreement is periodically explained by the HR group to make all employees to be aware of these requirements.