Audience: technical

HIPAA & HITECH

ZSentry meets or exceeds HIPAA, HITECH Safe Harbor, FERPA, FFIEC, GLBA, SOX, U.S. State Security Breach Notification Laws and ISO 17799 regulations.

With NMA ZSentry there is no Protected Health Information disclosed and all information is de-identified, so that ZSentry falls within the HITECH Safe Harbor provision. There is no need to sign a Business Associate Agreement (BAA), and there is no liability and no mandatory reporting in the event of a fault or breach. However, if desired, NMA ZSentry can sign a BAA with your organization. To request one, submit a Support Ticket for "HIPAA BAA" and provide the organization's characterization as a Covered Entity under HIPAA.

A security solution may be 100% HIPAA-compliant and yet expose your organization to hefty fines, while the ZSentry solution presents a HITECH Safe Harbor with no fines even in case of a fault or breach. ZSentry and the data viewed or generated for transmission constitute fully compliant standard transactions under HIPAA. The ZSentry service is not made aware of Protected Health Information (PHI) and is, thus, not required to sign a Business Associate Agreement for its customers.

Health care providers, as well as their patients, can easily use ZSentry to send and read zmails from their familiar desktop email program as quickly and as conveniently as a regular email, or using Gmail, Hotmail or Yahoo accounts. Lab results can be delivered securely to cell phones, for quick access.

The entire health care team can be securely connected anywhere, anytime, using ZSentry, with zero investment and no training, sending and receiving secure medical records in familiar Word, PDF and Excel documents, as well as fax copies, photos, X-rays, voice mail, and voice transcriptions.

HIPAA compliance is provided on a technical level, guarding data integrity, confidentiality and availability. Each health organization utilizing these services must be HIPAA compliant if it is characterized as a Covered Entity (CE) under HIPAA. Other health organizations or persons may or may not be exempt from HIPAA. ZSentry protects PHI and other sensitive information by using ZSentry technology and a variety of technologies and methods.

HITECH Safe Harbor compliance: The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act signed into law in 2009, encourages adoption of electronic health record technology and expands on HIPAA's security and privacy requirements. HITECH addresses breach notification rules and implements a new tiered system that increases civil monetary penalties for noncompliance, and also allows state attorneys general to file civil actions on behalf of residents of their states who they believe were adversely affected by a HIPAA violation.

Effective Feb. 17, 2010, HITECH makes one of the most critical changes in its extension of HIPAA's provisions to business associates. This means that third parties that provide services and handle Protected Health Information (PHI) for health care providers are also directly affected by the HIPAA security rules. For your practice, this means verifying all business associates, making sure that any necessary contractual amendments are made or additional oversight is added, and ensuring that all such provisions are actually followed in day-to-day practice, as evidenced by auditing procedures.

With NMA ZSentry, however, there is no such liability, as the service operates within the Safe Harbor provision.

Read also the HIPAA Regulatory Compliance Statement.


Development and © by NMA
