HIPAA Compliance

Protecting Patient Data in Physical and Virtual Environments

What it Means

HIPAA stands for the Health Insurance Portability and Accountability Act, which regulates the disclosure of individuals’ health information – also called protected health information (PHI). According to the standards set forth by the U.S. Department of Health and Human Services, PHI covers all “individually identifiable health information”, which specifically includes demographic information such as name and address, as well as credit card numbers. Any piece of information that can be traced back to an individual is subject to HIPAA regulations.

In addition to complying with all HIPAA regulations, Rectangle Health is proud to be Payment Card Industry (PCI) Certified. PCI Certification demonstrates the gold standard of credit card security and encompasses rigorous measures to secure and protect data in both physical and virtual environments.

Why it Matters

Many of us have heard of the massive fines given to organizations that have violated HIPAA. Data breaches are not only a concern for large entities. Every business that deals with patients needs to be aware of HIPAA compliance because a violation can be as simple as sending a payment receipt to the wrong person.

What We Can Do

Rectangle Health specializes in medical payment data security for healthcare enterprises.
As a premier provider of medical payment solutions, we keep PHI safe by storing all customer data in a secure, encrypted vault protected by layers of industry-leading, state-of-the-art technology. Sensitive information is not held on your premises or stored on your servers or computers.
We ensure you have the peace of mind of knowing your payment transactions are PCI and HIPAA compliant, with features such as:

  • Address Verification System
    Our Address Verification System (AVS) confirms the identity of every online payer by comparing the billing address to the address on file at the financial institution that issued the credit card. AVS not only confirms identity, but it also ensures that the financial details of the transaction are sent to the correct address, if mailed.

  • Point-to-Point Encryption
    Our state-of-the-art, point-to-point encryption (P2PE) solution protects your organization from data theft. P2PE encodes payment card data from the moment the card is used until it reaches the payment processor, making it unreadable to third parties.

  • Tokenization
    Tokenization is another way to make credit card numbers unusable. This method of security turns card numbers into tokens – randomly generated sets of numbers that are meaningful only to the card processor.

  • Fraud Monitoring
    Trained risk management experts consistently monitor transactions, so that the safety and security of every transaction are guaranteed.

What You Should Do

Everyone involved in the business of healthcare needs to be aware of HIPAA regulations and maintain workflows and policies that support a compliant environment. Some suggestions for ensuring HIPAA compliance in your office include:

  • Provide yearly training for all personnel involved in medical business transactions, so PHI is appropriately identified and handled

  • Discourage, or even ban, the practice of writing down credit card numbers

  • Confirm that all statements and receipts are sent to the correct party

  • Designate a part of the office where financial information can be discussed out of the hearing of others

  • Make employees aware of minimum disclosure (only take the information you need to perform a transaction)

  • Ask whether your partners and vendors are willing to sign a Business Associate Agreement (BAA), which creates a bond of liability for both parties

  • Require HIPAA compliance from all your vendors

Rectangle Health Guarantee

If you don’t see a dramatic reduction in accounts receivable balance after a few months of instituting our full program, we’ll take the entire system back at no charge to you.