HIPAA Privacy and Security Rule and HITECH Act
CBORD is reviewed and audited annually by a third-party firm to ensure compliance with the HIPAA Privacy and Security Rule as well as the HITECH Act requirements, including the Omnibus Rule. We have developed policies and procedures that limit the access of staff members to only the minimum necessary electronic protected health information (ePHI) required to perform or support their job functions. All data containing ePHI is encrypted while being transmitted and while being stored on CBORD’s network in an effort to protect and safeguard sensitive patient information.
CBORD’s physical offices and data center have passed a thorough and comprehensive risk analysis that evaluates the security of all networks and hosts. Our management proactively monitors controls and processes around all ePHI as federal and state rules evolve. In addition, all CBORD staff members receive compliance training on a recurring basis.