HIPAA Compliance

HIPAA Compliance Notice

Protecting patient health information in accordance with federal regulations

Our Commitment to HIPAA

Excellence in Diagnostics International (EDI) is committed to protecting patient health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

While calibration services typically do not involve direct access to Protected Health Information (PHI), we maintain HIPAA-compliant practices to ensure the highest level of data security and privacy.

Business Associate Agreements (BAA)

EDI enters into Business Associate Agreements with covered entities as required by HIPAA. Our BAAs include:

  • Permitted and required uses and disclosures of PHI
  • Safeguards to prevent misuse of information
  • Breach notification procedures
  • Subcontractor compliance requirements
  • Right to audit and inspect records
  • Termination provisions for contract breaches

Contact us to request a signed BAA for your organization.

Technical Safeguards

We implement comprehensive technical safeguards to protect electronic PHI (ePHI):

  • Access Controls: Unique user IDs, automatic logoff, and emergency access procedures
  • Audit Controls: Activity logging and monitoring of system access
  • Integrity Controls: Mechanisms to ensure ePHI is not improperly altered or destroyed
  • Transmission Security: Encryption for ePHI transmitted over electronic networks

Physical Safeguards

  • Facility Access: Controlled access to buildings and secure work areas
  • Workstation Security: Policies governing workstation use and positioning
  • Device Security: Controls for electronic media and hardware removal
  • Data Disposal: Secure destruction of hardware, electronic media, and paper records
  • Visitor Logs: Documentation of all facility access

Administrative Safeguards

Our administrative policies include:

  • Security Officer: Designated individual responsible for HIPAA compliance
  • Risk Analysis: Regular assessments of potential threats to ePHI
  • Workforce Training: Mandatory HIPAA training for all employees
  • Sanction Policy: Disciplinary actions for policy violations
  • Incident Response: Documented procedures for security incidents
  • Contingency Planning: Data backup and disaster recovery procedures

Privacy Practices

Minimum Necessary Rule: We limit use and disclosure of PHI to the minimum necessary.

Patient Rights: We support patients' rights to access, amend, and request restrictions on their information.

Accounting of Disclosures: We maintain records of PHI disclosures as required by law.

Notice of Privacy Practices: Available upon request for all covered entity partners.

Breach Notification

In the event of a breach of unsecured PHI, EDI will:

  • Notify affected covered entities within 60 days of discovery
  • Provide detailed information about the breach
  • Document the incident and mitigation steps taken
  • Cooperate fully with covered entity notification requirements
  • Report breaches affecting 500+ individuals to HHS as required

Breach Hotline: (555) 123-4567 ext. 911 (24/7)

Ongoing Compliance

Annual Risk Assessments: Comprehensive security risk analysis conducted annually

Policy Reviews: HIPAA policies reviewed and updated at least annually

Staff Training: All personnel receive HIPAA training within 30 days of hire and annually thereafter

Third-Party Audits: Independent security audits conducted by certified professionals

Regulatory Monitoring: Continuous tracking of HIPAA rule changes and updates

HIPAA Contact

For questions about HIPAA compliance, BAA requests, or to report a potential breach:

Privacy Officer: Sarah Mitchell, CPO

Email: hipaa@edi-calibration.com

Phone: (555) 123-4567 ext. 200

Emergency Breach Hotline: (555) 123-4567 ext. 911 (24/7)

Address: 123 Calibration Way, Suite 100, Anytown, USA 12345

← Return to Homepage