As a leading direct mail producer for the healthcare industry, Design Distributors has taken the necessary steps to comply with Health Insurance Portability and Accountability Act (HIPAA) regulations.
Every piece of mail developed and sent from our facility is secure and HIPAA compliant. To attain this level of privacy and security, Design Distributors has undergone multiple audits from a variety of authoritative sources and met an array of criteria. To help our clients understand how truly rigorous our security process is, we’ve decided to explain the many guidelines we must adhere to in order to remain in compliance.
Each amendment to the act comes with its own set of protocols. The Security Rule Amendment of 2003 sets the standards for electronic patient health information (PHI) and technical, physical, and administrative safeguards.
These focus on the security of our systems. When PHI is transmitted over an external network, it’s encrypted to meet U.S. Department of Commerce National Institute of Standards and Technology (NIST) cryptographic standards. All PHI must be authenticated and protected from corruption or destruction. All of our data is encrypted, logged, and monitored.
Physical safeguards involve the policies we implement within our facility. We control access, tracking who has admittance to data storage and blocking those without the proper credentials. Administrative measures guide the policies and practices we have in place among our employees. We’ve completed a comprehensive risk assessment, identifying and analyzing all potential liabilities associated with PHIs. We regularly assess these, and our employees, ensuring all policies and facility rules are updated and followed. We’ve trained our staff, most of whom have more than 10 years of experience at Design Distributors, to recognize cybersecurity hazards and record all possible phishing, hacking, and deceptive attacks. We’ve also developed and tested disaster recovery plans. All security incidents are documented by staff.
The Privacy Rule Amendment of 2003 ensures all PHI is kept private and confidential. To adhere to these regulations, we’ve trained our staff to understand what data can and can’t be shared internally and externally. The additional protocols listed under this rule must be followed by the healthcare agencies when sending out direct mail.
The Final Omnibus Rule of 2013 was the most recent set of guidelines enacted. While chiefly pertaining to healthcare companies, we have incorporated its mandates into our privacy policy, and informed our staff of relevant updates.