HIPAA Compliance & Data Security

Protecting patient health information and your data at Emax goes beyond the letter of the law. It's not just about the required business associate agreement or backup disks—it's a way of thinking.

It is little wonder that Emax was the first revenue cycle management (RCM) and medical billing company to achieve HBMA's Compliance Accreditation. The Healthcare Business Management Association (HBMA) Compliance Accreditation Program assesses compliance with HIPAA and with Health and Human Services Office of Inspector General (OIG) compliance standards on fraud, waste and abuse; the Stark Law, which is designed to prevent conflicts of interest by medical providers in their prescribed patient care; federal Anti-kickback law; and the OIG work plan.

Achieving accreditation required a comprehensive evaluation of Emax's policies and practices with respect to employee training; security risks, including the security of confidential patient health information; documentation storage and handling; practices to promote compliance with federal regulations; disaster and emergency preparedness plans; and human resources practices, including background check procedures and onboarding. 

The process is a rigorous one that is ongoing and reviewed annually for accreditation. The HBMA accreditation confirms Emax's efforts adhere to the complex federal regulations that affect healthcare. To be recognized and accredited by HBMA is a significant achievement that provides our clients—and soon-to-be clients—confidence that Emax acts in their best interest.

HIPAA-Compliant Billing

Emax takes extraordinary steps to ensure the privacy of your patients’ protected health information. Those steps go beyond the typical staff training and software compliance. For example, our faxes are sent and received via a HIPAA-compliant fax service, and when printed, each incoming fax includes a cover page that hides its content. Our telephone system uses digitally encrypted technology, as do the wireless headsets worn by our staff. Documents are destroyed with a security-rated shredder. Even the combination lock on our office door is HIPAA compliant and tracks the people who use it. Paper-based protected health information (PHI) is scanned for archival and stored under lock and key before being destroyed.

Data Security

In addition to operating in a building that uses card-key access with video security, Emax performs multiple levels of data backup to ensure that your data is protected. Emax maintains multiple instances and backups of data and redundant storage. Workstations require multi-factor authentication, and all Emax systems employ full-disk encryption. Emax maintains a disaster recovery plan. And in case of power failures, our systems have uninterruptible power supplies that provide enough time for a graceful shutdown to ensure data integrity. And of course, claims submitted electronically are digitally encrypted, and email communications that contain PHI are also encrypted.