HIPAA Policy

At EAP Expert Inc., we provide our customers with security and privacy features that enable EAPs and healthcare organizations to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191.

One cannot claim HIPAA compliance for products or services. Only the EAP or healthcare organization itself can be HIPAA compliant. EAP Expert Inc.'s customers should review the privacy and security features of our products to verify how they fit into their institution's privacy policies and procedures so they can achieve HIPAA compliance.

Following is an overview of some of the relevant HIPAA requirements and of the relevant EAP Expert product features and company-wide policies and procedures that address security and privacy.

HIPAA General Computer Protection

HIPAA requires the implementation of several protective measures for privacy as it relates to computers, software, etc.

According to HIPAA, the most basic aspects of computer security are the following measures:
  • Virus protection: Virus protection software, such as Norton.
  • Password: Install a password to restrict access. Change the password regularly and document your policy/procedure for doing so.
  • Access log: Keep a log of who has accessed the computer.
  • Firewall: This is generally inexpensive, easy-to-install software or hardware that protects your computer from unauthorized access over the network.

HIPAA Technical Safeguards

EAP Expert provides technical safeguards to guard data integrity, confidentiality, and availability in our software products. The following items are controlled through the Security Module in the software.

Access controls
  • HIPAA mandates that you restrict, monitor, and control access to client information on the computer by installing passwords and other ways of verifying personal identification.
  • EAP Expert allows individual users to view only specific modules, according to defined access rights.

Role-based access
  • Different management and administration roles are possible in the system.

Context-based access
  • Access Control restrictions can be placed on individual users, groups, or specific locations.

Password security
  • User self-defined. Rules and enforcement are to be determined by the user's internal requirements.

Audit Controls
  • EAP Expert records activity in detailed Audit Logs. Access, study viewing, report reading and writing, etc. are logged in EAP Expert.
  • The Audit Log is accessible only by administrators, who can monitor system activity and attempted security breaches.