We Take an Active Interest in Our Clients’ HIPAA-Readiness
At DiVA Solutions, we are aware that HIPAA compliance is an important and often complex consideration. DiVA is HIPAA-compliant software and maintains compliance with HIPAA security standards related to Electronic Protected Health Information (EPHI).
We take HIPAA compliance seriously and regularly review the latest legislation for any changes that may affect software-related compliance. We also take an active interest in our clients’ HIPAA-readiness, as much of the compliance requirement falls to the organization. While many of our clients already have internal HIPAA compliance assessment and procedural documentation in place, we recommend a review of this Department of Health and Human Services (HHS) document as a supplemental reference for your company. It contains a valuable Security Standards Matrix, which can be very helpful to organizations for internal assessment and development of HIPAA documentation.
DiVA, being a document management system, does not process HIPAA-applicable transactions (claims, encounter information, payment and remittance, claims status inquiries, eligibility inquiries, referral and authorization inquiries, etc.), and therefore the security requirements for this area are not relevant. This requirement typically falls to existing HIPAA-compliant medical billing software, which transmits any electronic health information in connection with transactions for which HHS has adopted a standard.
DiVA does allow access (internal and/or external) to EPHI data, and therefore is compelled to meet HIPAA security risk requirements. The table below discusses how we have addressed this: