Health Insurance Portability and Accountability (HIPAA) Policy Statement for Business Associates
Medical Decisions Network (MDN) is
committed to maintaining a secure computing environment for
its customers. The company will follow all pertinent federal
regulations related to information confidentiality. This
document outlines the measures currently in place to safeguard
customer data. MDN will update these measures as necessary as
new regulations are enacted. These features support our
clients’ compliance with HIPAA. MDN provides tools in the
product systems to support our customers’ HIPAA compliance.
Software Product Security Features
MDN software systems reside on the
customer’s server and are safeguarded by hospital policies and
procedures. All systems are password protected. Hospitals
are responsible for safeguarding all user passwords and
changing them as needed. All products have an automatic,
user-defined timeout feature to safeguard against unauthorized
viewing of results if an authorized user fails to log off the
system. All software products allow auditing for
retrospective analysis of any change to the database.
Remote Access
MDN remote access to customer
computer networks uses a virtual private network (VPN) as the
preferred mode, or other methods as mutually agreed upon with
the customer. Provisions for remote access are performed in a
secure manner and in compliance with the Business Associate
Agreement.
MDN Facility Security
MDN is located at 2000 Holiday Dr. in
Charlottesville, Virginia. Access to the facilities is
limited to employees and occasional guests. The facilities
are locked except during business hours. Only MDN employees
have keys to the buildings. Employees have dedicated,
password-protected workstations.
Regulatory Management
An MDN manager oversees healthcare
regulatory affairs including HIPAA regulations. This
individual reviews the pertinent regulations, conducts MDN
employee training and maintains the MDN HIPAA documentation.
MDN has policies that govern all data security matters within
MDN and with our customers. MDN employees, consultants and
advisors are all under written confidentiality and
non-disclosure agreements, the provisions of which are
strictly enforced.
Business Associate Agreement
MDN is prepared to comply with all
provisions of the Business Associate contract as provided for
in the HIPAA privacy and security rules.
MDN Employee Training
All MDN employees receive training
regarding their responsibility for patient privacy under the
HIPAA regulations. This training is conducted as necessary
and at least annually. MDN Human Resource Department policies
support the safeguarding of patient data.