Grow-High focuses on conducting business with integrity and in compliance with all applicable health information privacy laws including the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Privacy standards have been established by the Department of Health and Human Services (DHHS) to protect an individual's identifiable health information from unauthorized disclosure. As part of Grow-High’s strong commitment to HIPAA compliance and to prevent violations of the health information privacy laws, we have designed a formal HIPAA Compliance Program.
Privacy and security officers have been appointed and are responsible for implementing, monitoring and maintaining the program.
The company is committed to maintaining compliance by attending continuing education events; this is ongoing as additional policies and procedures are developed.
The company will monitor compliance through periodic audits as well as other methods of monitoring.
Health Insurance Portability and Accountability Act
HIPAA was the result of the country’s need to have standards in place for ensuring patient privacy.
Under HIPAA, patient information must be kept confidential. We understand that medical billing companies deal with patient information regularly, since they receive health-care claims that reveal the name of the patient and the services that were rendered to them. Consequently, our employees who work the inbound claims must adhere to HIPAA standards or else they can be charged with breaking a HIPAA law. This means that employees shall not discuss patient information with others outside of work or disclose that information improperly. We have a policy of incorporating HIPAA confidentiality rules into our operating policies and procedures as a safeguard to ensure that staff understands the significance of the federal requirement.
Grow-High takes extreme measures to secure patient data. Here are our organizational compliance measures:
Grow-High has built a firewall that cannot be penetrated. We do this by using secure FTP to transfer documents and by encrypting emails prior to sending information to and receiving it from our clients.
A confidentiality and non-disclosure agreement as well as a HIPAA compliance document must be signed by each and every employee prior to joining the company. The agreement always contains a clause that prevents the employee from disclosing, publishing or accessing patient information in any unauthorized way.
At the office premises where all services are managed, most employees must have secure card access to the building. This restricts the entry of unauthorized personnel.
Prior to exchanging documents, a secure connection is established using VPN tunnels, or secure cloud storage with limited user access is used.