7 Medical Passes Independent HIPAA Audit
HIPAA privacy and security compliance assures healthcare customers that patient health information is secure and protected from misuse
MINNEAPOLIS—October 2, 2009—7 Medical Systems™, a leader in on-demand picture archiving and communication system (PACS), teleradiology, disaster recovery and electronic medical record (EMR) solutions for healthcare, today announced that the company has passed an independent audit of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security controls, without exception, effective July 21, 2009.
In April 2009, the company had engaged DGPeterson, LLC, an independent HIPAA privacy and security consulting firm located in Minneapolis, to conduct an audit of the company’s HIPAA privacy and security compliance program and controls.
“Undergoing a voluntary HIPAA privacy and security audit demonstrates the strength of 7 Medical and its commitment to having reliable and secure practices in place for the handling and transmission of the protected health information (PHI) of patients,” said Grant Peterson, principal at DGPeterson, LLC. “This really differentiates 7 Medical and assures healthcare facilities that their patient data is being handled in a secure and safe manner, and complies with HIPAA privacy and security regulations. Healthcare customers can rest assured that 7 Medical has sound compliance controls in place.”
7 Medical’s audit process provides all healthcare clients, such as hospitals, imaging centers, radiology groups, and ambulatory clinics, as well as vendors and business associates, with several important benefits:
- Organizations doing business with 7 Medical have assurances that the internal HIPAA controls within the company are in place and are suitably designed to ensure compliance;
- The company’s control policies and procedures have been evaluated, reviewed and passed by an independent third party;
- Clients, prospects, vendors, partners and business associates gain confidence that moving forward with and doing business with 7 Medical is safe, and that confidence extends to their customers and patients as well.
“Our clients entrust us to deliver proven solutions to their health IT challenges. In the process of doing so, we are committed to maintaining the highest quality and compliance standards as well,” said Jason Studsrud, chief executive officer of 7 Medical Systems. “Successfully meeting the HIPAA privacy and security controls reflects our commitment to excellence and reaffirms our clients’ confidence in us while minimizing their exposure to risk.”
The HIPAA privacy and security audit included an in-depth examination to verify that 7 Medical’s internal HIPAA privacy and security controls are in place. The examination was performed by applying HIPAA Administration Simplification, Part 164 Security and Privacy Standards, National Institute of Standards and Technology, Special Publication 800-66, Revision 1. DGPeterson rendered a favorable opinion that 7 Medical has internal privacy and security controls in place to provide reasonable assurance the company has complied with HIPAA standards.
7 Medical’s internal privacy control system is comprised of a Web-based HIPAA compliance and training program. The internal security control system is comprised of a Security Evaluation Audit Software Program that combines HIPAA security standards with the National Institute of Standards and Technology (NIST) HIPAA implementation guidelines and covers more than 260 HIPAA security rule audit points.
7 Medical has gained valuable insight in completing the first step in its HIPAA privacy and security compliance initiative, and plans to use this knowledge to continue to provide unparalleled service to its healthcare customers. The company’s continued growth is always contingent upon taking care of clients and maintaining the highest industry and compliance standards. Next, the company plans to conduct a further test to ensure the HIPAA controls are operating effectively, which will further assure clients of the company’s compliance with the new HIPAA privacy and security rules that will take effect in February 2010 under the HITECH ACT of the American Recovery and Reinvestment Act of 2009 (ARRA).
ABOUT HIPAA PRIVACY AND SECURITY
In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA), of which the Administrative Simplification provisions promote efficiency in the healthcare industry through the use of transaction standards for the exchange of health information, privacy standards and security standards for the use and disclosure of individually identifiable health information.
The HIPAA Privacy Rule provides standards for protecting the privacy of individual health information. The privacy rule addresses the use and disclosure of health information, patient rights to review their health information, request edits, and demand an accounting of disclosures of health information. The privacy rule covers the confidentiality and physical security of PHI in all formats including oral, paper, and electronic. Privacy requirements have been in effect since April 14, 2003.
The HIPAA Security Rule provides for standards for the security of health information. The security rule for health information includes administrative, technical, and physical safeguards to ensure the integrity, confidentiality, and availability of health information and to protect against security violations and unauthorized use or disclosure of health information. The security rule relates specifically to electronic PHI (or ePHI) and protection of ePHI data from unauthorized access. Security standards became effective on April 20, 2005.
ABOUT 7 MEDICAL SYSTEMS, LLC
7 Medical Systems™, LLC (www.7medical.com) is a leading provider of on-demand PACS, teleradiology, EMR, disaster recovery and computing solutions for healthcare. The Minneapolis-based company delivers reliable, affordable solutions to critical access hospitals, imaging centers, radiology groups and ambulatory clinics. Rather than investing capital to own and manage hardware and software in-house, healthcare facilities outsource these critical functions to 7 Medical. They trade in hefty capital expenses for more affordable monthly usage fees—paying only for what they use. 7 Medical’s clinical project managers enable facilities to efficiently automate workflows and integrate disparate systems to ensure successful integration, implementation and training. On-demand services are available anytime, anywhere, with 24/7 service and support and built-in disaster recovery, from a Type II SAS 70 certified data center and HIPAA compliance.
7 Medical Systems™, 7i Gateway™ and the 7 Medical Systems logo are trademarks of 7 Medical Systems, LLC. All other trademarks or trade names are the properties of their respective holders.
Loan D. Gordon
7 Medical Systems, LLC