Contents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule


BEST PRACTICES
Iron Mountain Document Conversion Services
HEALTHCARE

HIPAA Omnibus and the Implications for Document Conversion
Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule

Contents
- EMR Transition: The Growing Importance of Document Conversion
- The Value of Choosing a Compliant Partner for Document Conversion
- Iron Mountain Document Conversion Services: Part of a Total EMR Enablement Solution
- End-to-End Compliance
- Conclusion

Healthcare institutions are moving rapidly to adopt Electronic Medical Records (EMR) and achieve Meaningful Use requirements. Central to these efforts is document conversion: the scanning of new and existing records to digital format. However, document conversion involves much more than scanning. Indeed, it touches on all aspects of records management, from paper and film management, digital storage and archiving, and the transport and transmission of patient information throughout a healthcare facility. It also requires careful consideration of regulatory requirements across the entire information life cycle.

Clearly, this is no easy task given the ever-evolving nature of these requirements, a point most recently proven by the U.S. Department of Health and Human Services (HHS) release of the HIPAA Omnibus Final Rule. The Rule is HHS's attempt to strengthen privacy and security in today's increasingly electronic times. Unfortunately, for providers, this means they must reevaluate their policies and processes, including their document conversion services, to ensure compliance.

Throughout this primer, we will help you map the most up-to-date regulatory requirements to best practices that can help simplify the management of today's hybrid environment and support your transition to electronic records.

800 899 IRON (4766) / ironmountain.com

Managing protected health information in today's complex, ever-evolving regulatory environment requires transformational approaches, especially in terms of document conversion.

THE HIPAA PRIMER

The Importance of Compliant Document Conversion

EMR Transition

While the EMR promises great benefits, such as quickly and effectively providing access to the right records throughout the treatment cycle and across a health system, it also poses great challenges, especially in the area of compliance.

As healthcare organizations transition from a paper to digital environment, records are often maintained in a hybrid state with complex workflows. Information is stored in both digital and physical formats, as well as multiple departments and storage facilities, forcing providers to search across various silos of information to find a single, complete patient record.

In order to overcome this information management challenge, paper records and film should be scanned, converted to digital, and managed in a manner that is secure, compliant and cost-effective. In short, it's not only important to understand existing and emerging regulatory requirements but also how they integrate with mission critical processes such as document conversion. (see table on page 4)

What the HIPAA Privacy Rule Requires

The HIPAA Privacy Rule requires establishing and implementing measures to ensure the confidentiality, integrity, and availability of all protected health information (PHI), while the Security Rule addresses safeguards specific to the security of electronic protected health information (ePHI).

Who Must Comply. Health plans, healthcare clearinghouses, healthcare providers (also known as "Covered Entities"), business associates to whom they provide health information and the subcontractors of those business associates.

What It Covers. PHI includes any information about health condition, treatment or payment for care that can be related to an individual. The term is a broad one and generally includes all information contained in a patient's medical record and payment history.

What the Penalties Are. The government has ramped up enforcement and penalties related to the protection of patient information. Penalties can reach a maximum of $1.5 million annually per type of violation. On the enforcement side, state attorneys general, in addition to the Department of Health and Human Services (HHS), have been given authority to prosecute HIPAA violations. In the future, we can expect the following:

1. Any civil monetary penalties recovered by HHS will be used for their future enforcement efforts.
2. Individuals harmed by a violation may receive a percentage of the penalties, thus encouraging patients to report and authorities to prosecute violations.

What the HIPAA Omnibus Rule Requires

The Omnibus Rule essentially modifies the Privacy and Security Rules to:

- Expand the definition of business associates to include any vendor that creates, receives, maintains or transmits PHI
- Require business associates to enter into a written and comprehensive contract that contains specific provisions required by HIPAA
- Identify new and expanded individual rights
- Incorporate the increased and tiered civil money penalty structure
- Replace the Breach Notification Rule's harm threshold with a more objective standard
- Require providers to respond to a patient's written request for copies of their PHI within 30 days (eliminating the 60-day timeframe for records maintained offsite)
- Enable patients to request information about care to be withheld if the patient paid for these services out-of-pocket

Choosing a Compliant Partner for Document Conversion

Document conversion, by itself, is a straightforward process. Documents are scanned in a digital format and transmitted to a secure FTP site. But the conversion process raises many complex issues related to compliance and the transition to a fully electronic record. For example:

- How will you manage the redundancies and inconsistencies common in paper-based legacy systems?
- How will you design, implement and control the complex workflows of a hybrid environment?
- How will you store electronic records in a way that makes them secure, accessible, and compliant?
- How can you maintain retention and destruction schedules that meet regulations and your own requirements, so you store only the records you need to store, whether paper or digital?

Not only is it important that your institution be compliant, but HIPAA requires your third-party partner be compliant as well. Document conversion is at the nexus of HIPAA compliance, where paper and electronic records converge. Thus, healthcare organizations must choose a document conversion partner that understands HIPAA and how to align complex workflow processes to meet regulatory requirements.

Such a partner will not only help you convert documents cost-effectively, but will also enable you to efficiently move to electronic records, while maintaining HIPAA compliance and keeping pace with government initiatives like the American Recovery and Reinvestment Act (ARRA). Document conversion, along with the move to the EMR, is a daunting challenge, but with the right partner you will be able to reap long-term benefits for your organization and your patients.

Iron Mountain Document Conversion Services digitize paper records and film in a manner that is secure, compliant and cost-effective, to help you simplify the transition to electronic records for improved document access.

Part of a Total Solution

Iron Mountain Document Conversion Services

At Iron Mountain we understand the challenges and opportunities inherent in the document conversion process. That's why Iron Mountain provides a holistic and compliant approach to transition. We leverage a combination of specialized imaging programs, data backup and archiving services and secure records storage to build a customized solution that helps you efficiently manage information in the hybrid environment and accelerate your migration to electronic records.

At the core of this solution are our Document Conversion Services, which integrate seamlessly with your existing systems and processes to help you cost-effectively convert your paper records and films to electronic format. Our Document Conversion Services provide:

- Capabilities that align with relevant HIPAA requirements.
- A large footprint of secure local and regional Record Centers.
- The experience and best practices gained from scanning over 20 million+ images per month across North America.
- Highly trained personnel.
- High-speed scanners and industry-leading software for fast conversion and high-quality images.
- Direct integration with major EMR systems or delivery via a secure FTP site.
- Secure, offsite archiving and backup for storing electronic data.
- A documented chain of custody that ensures records are protected throughout the entire process.

Stay in Control with Iron Mountain Connect

As a service to our customers, we provide Iron Mountain Connect. This highly secure Web-based system offers you access to the tools and applications you need to easily and cost-effectively manage your document conversion and other records activities. With Iron Mountain Connect, you can:

- Quickly locate physical records in the hybrid environment
- Easily schedule documents for conversion
- Consistently manage the retention and destruction of physical records
- Assign employee authorization levels and monitor access

The Iron Mountain Document Conversion services include:

Paper Document Scanning. We work with you to build a compliant, cost-effective digital workflow, allowing you to select any combination of our imaging options to meet your operational and regulatory needs.

Day-Forward Conversion. Even after you transition to the EMR, certain records will continue to be created on paper. You will need a compliant solution for converting these documents to electronic format as soon as possible and integrating them into the appropriate electronic content management system. Day-Forward Conversion helps you build a workflow that seamlessly puts your organization's newest records into an electronic format. Our experts work closely with your staff to define a plan for automatically digitizing records not created electronically from a designated date onward, helping you establish a convenient, cost-effective way to streamline processes, shorten your revenue cycle, and minimize future storage requirements and costs.

Image on Demand. The Iron Mountain Image on Demand service gives you the flexibility to digitize only what you need, when you need it, and deliver it in a timely manner. Image on Demand enables you to selectively convert only the portions of the patient record required for clinical care. These scanned records are encrypted for secure transmission to a secure FTP site or the EMR system, avoiding the costs typically associated with a large-scale conversion initiative.

Backfile Conversion. Iron Mountain can help you establish a fast, efficient process for the bulk conversion of paper records to electronic format. Our Backfile Conversion process employs a project-based approach focusing on converting a specific subset of your existing records (such as those generated within the last year only), enabling you to rapidly populate your EMR system, while keeping costs under control.

Film Digitization. To help our healthcare partners move to a fully digital environment, Iron Mountain also provides full scanning and digitization services for our radiology customers.

X-ray on Demand. Iron Mountain X-ray on Demand provides a scanning and digitization service for radiology customers storing analog films with Iron Mountain. When an X-ray study is requested, we retrieve, digitize and then convert the film to a standard format. It is then indexed, encrypted for security, and sent to your PACS or a quality control station. X-ray on Demand lowers total cost of ownership and enables a healthcare provider to proactively plan for managing historical radiology records as an integral part of the conversion to a fully filmless radiology environment.

Whatever Iron Mountain Document Conversion Service you choose, you can feel confident your information will remain highly protected yet readily accessible throughout the conversion process. Our holistic approach not only helps you cost-effectively convert your documents but also offers you access to the data backup and archiving solutions necessary to ensure that, once created, your electronic data is fully protected and preserved.

The Bottom Line: Iron Mountain ensures our Document Conversion Services are compliant with HIPAA regulations, so you can be compliant too.

End-to-End Compliance

Omnibus is the final regulation modifying the HIPAA Privacy, Security and Enforcement Rules.

Iron Mountain Document Conversion Services

Iron Mountain has established proven workflows for document conversion based on best practices, and we apply these workflows consistently throughout our operations. We operate Imaging Centers staffed by trained personnel and equipped with the latest technologies, security systems, and careful monitoring of every action and process. The bottom line is, we make sure our Document Conversion Services are compliant with HIPAA regulations, so you can be compliant too.

Key Requirements of the HIPAA and Omnibus Rules

The HIPAA Privacy and Omnibus Final Rules are intended to ensure that Protected Health Information is not used or disclosed inappropriately or without the patient's permission. The Security Rule is specifically designed to protect PHI that is used and stored electronically. Both aspects of the rule apply to document conversion. HIPAA rules cover three broad areas of activities:

- Administrative Safeguards. Operational processes and procedures, such as training, workflow, and the release of information, to ensure information is always handled according to policy. This section of HIPAA also requires a contingency plan, also known as a disaster recovery plan.
- Physical Safeguards. Physical controls, such as locks, access to keys and supervision, to protect against unauthorized physical access.
- Technical Safeguards. Data-related information systems and associated controls, such as database security, network protection and user authorizations and passwords, to protect data from software intrusions and attacks.

Administrative Safeguards

HIPAA requires that PHI and ePHI be protected and secured throughout all stages of document conversion. This means documented procedures for operational processes such as training, workflow and contingency planning must be put in place to ensure that information is always handled according to policy. Iron Mountain meets this requirement, and helps you meet it, in several ways.

Access and Uses. Iron Mountain uses and discloses PHI only for the purpose of delivering our services in response to requests from our customers, as required under HIPAA. To make sure this happens, we:

- Physically restrict access to customer PHI during transit, conversion and storage of both the original paper documents and the converted electronic records.
- Electronically track and maintain an auditable log of all tasks and operations performed.
- Provide you with tools to manage how your employees access digital records through Iron Mountain Connect.

Privacy Policies and Procedures. Iron Mountain has established standard operating procedures for our imaging and records conversion processes, and these procedures are uniformly applied at each of our Imaging Centers. Our staff is trained on our document imaging procedures, and adherence is verified through regular site inspections.

Workforce Training and Management. HIPAA requires training of workers who handle PHI. Iron Mountain's training program for document conversion is thorough and compliant. Since document conversion invariably involves the handling of patient information, our Imaging Center staff receives training and instruction on HIPAA regulations. In addition, our workforce management procedures include:

- Comprehensive background checks for new hires.
- Comprehensive training specifically addressing HIPAA requirements.
- Code of Conduct and Ethics Training.

Mitigation. In order to achieve and maintain compliance, you must evaluate the security and compliance of your document conversion program on a regular basis. Iron Mountain has a team dedicated to monitoring HIPAA requirements and evaluating our compliance. This team proactively tracks changes to industry regulations and works with Iron Mountain operations personnel on an ongoing basis to improve processes, mitigate risks, and ensure continued compliance.

Data Safeguards. Processes should be in place to safeguard data at all stages of document conversion. Iron Mountain maintains data safeguards for records in our care across all operations and for all personnel. Safeguards include:

- Restricted access to customer PHI throughout transit, scanning, storage and disposal.
- Monitoring and tracking of all activities.
- Highly secure, best-in-class facilities protected by state-of-the-art security systems.

Document Conversion Compliance Checklist

HIPAA regulations now require your business associates, as well as your own institution, to be compliant. Iron Mountain maintains the following policies and procedures to promote compliance.

Administrative

- Fully documented chain of custody
- Policy of accessing and retrieving only the minimum information needed to perform a specific job or task
- Written protocols and training for handling Protected Health Information
- Documenting and monitoring workflows
- Web software to help you manage and track records-related activities
- Audit trail and documentation of physical and electronic disposal policies and procedures
- Screening of employees using comprehensive background checks

Documentation and Record Retention. HIPAA requires documentation that records are protected throughout their lifetime, up to and including their destruction. Iron Mountain helps you maintain compliance by using Iron Mountain Connect, which allows you to capture and manage the retention status of your documents. Once documents have been scanned, original files may be stored securely at Iron Mountain facilities or destroyed using compliant destruction processes, which include multiple sign-offs, a comprehensive audited chain of custody from the moment the information is picked up to the moment it arrives at an Iron Mountain facility, and a Certificate of Destruction.

Contingency Plan. Iron Mountain's contingency planning for Document Conversion Services includes multiple layers. A minimum of two business document scanners are installed in each Imaging Center, providing in-center redundancy and backup capability. In addition, our scanners are under regular maintenance contracts to help minimize unscheduled downtime. Furthermore, all of our Imaging Centers utilize highly redundant, centralized back-end processors. This offers you a high degree of reliability and protection as it enables each Imaging Center to provide recovery for the other centers in the event of a disaster. Our Disaster Recovery services offer:

- Centralized management that allows application software and supporting documentation to be distributed to any site in minutes.
- Standard operating procedures for consistent operations regardless of physical location.
- Centralized processors that use redundant, fault-tolerant equipment.
- Centralized back-end processors located in an Iron Mountain Data Center that is 220 feet underground in a geographically stable location; the backup site is in a similar secure underground location over 500 miles away.

Audit Trail. Iron Mountain maintains and helps you maintain an auditable trail of all activities related to document conversion. You always know where your documents are, whether paper or electronic, and you can produce a variety of reports to meet both HIPAA requirements and your own administrative policies. Among the ways we help you meet the auditing requirement:

- Iron Mountain Connect, a secure Web-based portal, providing the ability to track, manage and report on document conversion and all other aspects of records management.
- All records requests are logged and recorded in Iron Mountain SafeKeeper PLUS.
- Tracking and logging by Iron Mountain of all tasks and operators.
- Consistent workflows that guide all activities related to scanning and other records activities.

Document Conversion Compliance Checklist

Physical

- Centralized location or vendor for storage of physical records and conversion services
- Physical access controls, such as locked facilities and visual monitoring
- Intrusion detection and alarm systems
- Environmental controls, fire detection and suppression systems
- Secure destruction of electronic records in accordance with retention policies

Technical

- Firewall and virus protection
- Secure password protection
- Role-based access rules, so users can access only the software and data to which they have been granted access
- Unique user IDs to identify and track users
- Monitoring of Iron Mountain employees who log on and gain access to data
- Automated backup of all records at separate locations
- Direct integration with major EMR systems or delivery via a secure FTP site

Physical Safeguards

HIPAA requires you and your partners to have controls such as locks, restricted access to keys, and supervision to ensure computer systems and patient information are protected from unauthorized physical access. At Iron Mountain, we've developed what we believe are the highest standards for facility security in the industry. Our facility standards include:

- Placement of facilities outside of high risk areas, with comprehensive risk assessment processes for all facilities.
- Careful incorporation of physical access controls.
- Advanced fire-suppression controls with both ceiling and in-rack sprinkler systems.
- Intrusion detection systems, monitored by a central station.
- Strictly enforced process controls for the admittance and monitoring of personnel entering and exiting facilities.
- Mandatory facility audits to enforce accountability and monitor compliance with standards.
- Geographically separated, world-class underground data centers.

Technical Safeguards

HIPAA requires safeguards for data-related information systems and associated controls, such as database security, network protection and user authorizations and passwords, which protect ePHI and control access to it. Iron Mountain employs advanced technical security measures when we store and transmit information. We will also work closely with your IT staff to help you implement compliant best practices within your own organization. Our technical safeguards include:

- Firewall and virus protection.
- Secure password protection.
- Role-based access rules, so users can access only the software and data to which they have been granted access.
- Unique user IDs to identify and track user identity.
- Monitoring of Iron Mountain employees who log on and gain access to data.
- Direct integration with major EMR systems or delivery via a secure FTP site.

In addition, our Document Conversion Services offer additional safeguards to protect information integrity, such as:

- Centralized scanning for uniform quality across Imaging Centers.
- Automated contrast, brightness and threshold adjustments to optimize image quality.
- Multi-feed detection to prevent page overlaps and missed images.
- VirtualReScan software, a software option that offers image deskewing, image despeckling, image cropping, blank page removal, background suppression, and hole punch fill-in.

Beyond Compliance

Iron Mountain goes beyond compliance. We employ best practices developed through our years of experience working with leading healthcare institutions around the country. This best practices approach ensures all reasonable measures are taken to protect patient information.

Conclusion

The transition to Electronic Records is accelerating, and so is the importance of document conversion. Iron Mountain Document Conversion Services offer more than just a comprehensive approach to conversion: we offer the confidence and peace of mind that our solution is time-tested and compliant.

Iron Mountain has been committed to meeting HIPAA privacy regulations since the law was first enacted in 1996. Through the years we've continually and proactively adapted our solutions to align with the most recent iterations and modifications; the release of the HIPAA Omnibus Final Rule is no different. With Iron Mountain, you can feel confident that the management of your records is HIPAA compliant and that you are working with a HIPAA-compliant business partner.

Our Imaging Centers are built on years of experience at the country's leading healthcare organizations. We have a staff trained to the highest standards and state-of-the-art equipment. As a result, you get the services necessary to accelerate your conversion to electronic records, while ensuring your information remains securely protected yet readily accessible.

To learn more about our HIPAA-compliant Document Conversion Services for healthcare, contact us today at 1-800-899-IRON (4766).

HIPAA Primer Series

Our HIPAA Primer Series offers you in-depth insights into the proven best practices policies and procedures Iron Mountain employs to ensure that our solutions not only meet but exceed HIPAA requirements. To learn more about how a specific solution can help you ensure your information remains highly secure yet readily accessible throughout its lifecycle, check out our other best practices guides from this series, including:

- Iron Mountain Cloud Storage Solutions: HIPAA-compliant solutions for cloud-based storage
- Iron Mountain Data Protection Services: Proven, trusted and HIPAA-compliant media management
- Iron Mountain Document Conversion Services: HIPAA Omnibus and the Implications for Document Conversion
- Iron Mountain Records Management Services: Records Management solutions that keep you HIPAA-compliant
- The HIPAA Primer: What you should know about HIPAA Omnibus Final Rule

About Iron Mountain. Iron Mountain Incorporated (NYSE: IRM) provides information management services that help organizations lower the costs, risks and inefficiencies of managing their physical and digital data. Founded in 1951, Iron Mountain manages billions of information assets, including backup and archival data, electronic records, document imaging, business records, secure shredding, and more, for organizations around the world. Visit the company website at www.ironmountain.com for more information.

© 2013 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks are the property of their respective owners.

US-HC-EXT-BP-10232013-001