Patient Privacy (HIPAA) and Regulatory Compliance
CBC’s privacy, confidentiality and security policies follow the guidelines currently established by the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), the Fair Debt Collection Practices Act (FDCPA), GLBA, Sarbanes-Oxley, PCI, and other regulatory requirements.
As a provider to numerous healthcare providers, we employ strict guidelines for how we handle Protected Health Information (PHI). On behalf of our clients, we protect against lapses or violations that would put them or us at risk for non-compliance. CBC has proactively analyzed each HIPAA requirement, how it affects our healthcare clients, and what we need to do as your business partner to ensure we meet these requirements. We have taken the following steps to ensure we comply with all aspects of the HIPAA regulations:
- Corporate HIPAA Review – CBC management reviews HIPAA compliance periodically, and at least annually, to ensure compliance with regulations.
- Systems are HIPAA Compliant – All CBC systems and file transfer processes are encrypted to ensure compliance with HIPAA.
- CBC HIPAA Training – We provide annual HIPAA training to all employees, who are then required to sign an agreement signifying that they understand HIPAA patient privacy requirements and agree to comply.
- Secure FTP Data Transfers
- SOC 2 Compliant
- Next Gen Firewall
- Offsite Storage with 24-Hour Disaster Recovery
- Vendor Partners – We require each vendor partner to sign a Business Associate Agreement, stating their understanding and agreement to comply with HIPAA patient privacy requirements.