Medical Cybernetics, Inc.
Medical Cybernetics, Inc. HIPAA Compliance Statement
Medical Cybernetics provides turn-key computer systems, software products, and maintenance services to hospitals and long-term care facilities. These products and services are integral parts of the clinical and accounting functions which our clients perform, and as a result, must comply with the Health Insurance Portability and Accountability Act (HIPAA). We, at Medical Cybernetics, Inc., are considered a part of the workforce of our clients and are termed Business Associates under HIPAA law. As a business associate, we will not disclose Patient Health Information (PHI) to any individual, agency or business outside of the workforce of said client unless specifically directed by our client.
Our turn-key systems are installed on Linux servers. To secure these systems and the PHI databases which they contain, all non-essential Linux services have been disabled or removed (i.e., telnet, FTP, sendmail, NFS, rsh, rlogin, rexec, netstat, finger). No guest or anonymous user accounts are allowed. PC connections to a Medical Cybernetics application must first be authenticated by the institution's normal network login server. A secondary application-based login is also required. Remote access to the servers is limited to secure shell connections (ssh) of specified origins and through VPNs provided by our clients.
Within the Medical Cybernetics software products, numerous application features exist to achieve HIPAA compliance. These features include:
- password user authentication
- creation of user access logs
- role-based access controls
- user-based auto log-off timeouts
- audit logging of PHI access
- audit logging of PHI additions, modifications and deletions
Although many of the HIPAA code sets and transaction specifications are not applicable to the clinical functions performed by Medical Cybernetics software products, we do provide transactional information to accounting systems which are affected and, therefore, utilize standard code sets where applicable within our products.
To facilitate HIPAA compliance in maintenance services, Medical Cybernetics has established written privacy policies and the MCI HIPAA Compliance Training Manual, which details the procedures for the secure handling of PHI and the responsibilities of each member of our workforce regarding confidential information. Employee training and education is developed and implemented by our designated Security/Privacy Officer and is mandatory for each employee. Each employee must enter into a written agreement with Medical Cybernetics, Inc. that he/she will not disclose PHI according to the HIPAA Privacy regulations as outlined in the training manual.
Alvah Dennis, President - Medical Cybernetics, Inc.
Revised October 29, 2014
© 2000-2014 Medical Cybernetics, Inc.