The P&S Network appreciates and understands the major changes our
healthcare industry clients are undertaking for compliance with
the Health Insurance Portability and Accountability Act of 1996.
HIPAA impacts all areas of the healthcare industry. While the law
was designed to improve the efficiency of healthcare by
standardizing the exchange of administrative and financial data, it
also includes protecting the privacy, confidentiality and security
of patient healthcare information (PHI). This protection extends to
require the same standards and commitments from
Business Associates, previously known as vendors or partners.
The P&S Network is committed to honoring HIPAA guidelines at every
level of operations. We understand our duty as a responsible and conscientious
business associate in the healthcare industry. We recognize that our actions
are imperative in maintaining a chain of trust link for each of our valued
healthcare clients. The
P&S Network is HIPAA ready and will continue to work towards
maintaining/exceeding all security and privacy regulations in accordance with
both the current and future rulings.
The P&S Network wishes to highlight several of our established
standards, administrative procedures, physical safeguards, technical security
devices and technical security mechanisms when dealing with PHI.
Transmission/Security:
While the
guidelines for the Transaction Codes and Data Elements (including the X12N
version 4010) do not apply to the transmission for processing, printing and
mailing of patient statements/invoices, The
P&S Network has taken action to ensure security integrity and vulnerability are
addressed and enforced.
The P&S Network constantly monitors our web security in order to
protect the integrity of data transmissions. This includes the continual
monitoring of user access, password changes, account modification, file uploads,
file downloads, and deleted files. The P&S Network uses these systems
concurrently with activity logs to audit and protect systems and data. Every log
is reviewed regularly, with any anomalies or discrepancies thoroughly
investigated and documented as to the cause and the resolution.
Advanced
firewall technology is utilized to protect our user database from unauthorized
intruders when connected to the Internet. Data entering or leaving the network
must pass through this firewall, which examines each message, blocking those not
meeting stringent security criteria.
Our FTP (File
Transfer Protocol) site uses server-based Secure Sockets Layer (SSL). SSL
technology provides advanced (128-bit) strong encryption tools that convert
data into code before it is transmitted over the internet. This technology also
requires verifiable logon identification and passwords known only by authorized
staff.
In addition to
the above-mentioned security levels, our company uses protocol controls to
transmit data securely by means of QuickSSL and Premium SSL certificates.
Exclusive QuickSSL Premium features:
- Fully automated same-day provisioning process,
- True 128-bit SSL encryption,
- Compatible with 99% of all browsers,
- Real-time, two-factor telephone authentication,
- Business registration (DUNS number equivalent).
Once files are
received from clients by any electronic means (phone modem, internet, email,
hard copy disk), strong steps are taken to restrict and protect the privacy of
data from inappropriate use and disclosure including.
Privacy:
HIPAA privacy
guidelines are meant to protect patients' health information. While each of our
Covered Entities is required to obtain consent and authorization from an
individual prior to disclosing individual PHI, The P&S Network
continues to illustrate our business associate commitment. We have the
following procedures in place to act in accordance with HIPAA privacy issues:
Access to any
data is limited to authorized personnel with a ‘minimum need to
know’ standard. State-of-the-art internal firewalls are used to restrict
unauthorized personnel from inadvertently accessing patient data. Only personnel
directly involved with processing patient statements have access to data files.
Data received
from our clients is used solely for client-controlled projects as they relate to
processing, printing and mailing projects (for example, patient billing statements)
through our strategic manufacturing partner program. Data is solely the property
of each client and is never duplicated,
extrapolated, sold, transmitted to an unauthorized third party, or manipulated
in any way. Any and all exceptions require the express written authorization
and specific instructions from an Officer of the client’s organization.
Any misprints,
hardcopy test files, spoilage, or reprints are destroyed on site in a secure
environment. All data deemed for shredding is stored in a secure locked
container located on site. Strict guidelines are in place regarding supervision
and destruction of the contents.
To reinforce
the confidentiality of all data, The P&S Network has
each employee sign a confidentiality agreement. Under terms of the agreement,
all employees agree not to use, publish or disclose, or permit others to use,
publish or disclose, any confidential information they may come in contact with.
Violation of this agreement warrants immediate termination.
Regularly
scheduled staff meetings include agenda items discussing confidentiality and our
commitment to exceed all federal, state and local privacy guidelines. These
staff meetings along with ongoing training ensure each staff member understands,
validates and exemplifies our commitment to our clients.