We have a thorough HIPAA (Health Insurance Portability and Accountability Act) compliance program in place for the protection of all of your critical billing and patient data. We achieve this goal through a variety of procedures including:


Technology

  - Computer Networks and Systems have security access mechanisms in place.

  - Use of personal I/O devices is not permitted within the company.

  - Monthly backups are stored at a secure off-site location.

Documents

  - Documents containing Protected Health Information are disposed of in a locked, tamper-proof box and shredded bi-weekly.

  - Patient records are stored in secured file cabinets and backups are stored in fireproof cabinets.

  - Records are not released without a written authorization from the patient.

Communication

  - Faxes and E-mails contain a disclosure statement instructing the receiver to handle the item according to HIPAA regulations.

  - Changes to health information are requested in writing.

  - Patient account information is discussed with the patient or guarantor only.


Confidentiality is taken very seriously at SMBS.

Does SMBS comply with all HIPAA Regulatory Requirements?

Copyright © 2009 Symbiosis Medical Billing Solutions LLC. All rights reserved.

SMBS HIPAA News (09/17/08)

The U.S. Department of Health and Human Services (HHS) has levied the first penalties against a healthcare agency. Providence Health & Services, based in Seattle, has agreed to a six-figure settlement following HIPAA security and privacy violations related to the loss of 386,000 patients' personal health information. Before mid-July, settlements had previously been resolved by requiring organizations to resolve their privacy and security problems.


The HHS settlement agreement states that disks containing individuals' HIPAA-protected health records were taken from employees' cars on at least five occasions in 2005 and 2006. The agreement also mandates that Providence Health and Services use encryption and other data protection policies to prevent the opening of authorized files. Providence must also train employees on security processes and issue compliance reports to HHS for three years.


This news should eliminate the false perception among healthcare organizations that HIPAA compliance is optional. Now that fines and monetary penalties are on the table, it's time for enterprises to shore up their HIPAA compliance programs, and that means being prepared for that next audit.


Reprinted from SearchSecurity.com