This HIPAA compliance statement describes NOAH's policies, procedures, controls and measures to ensure current and ongoing compliance.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines a set of regulations protecting the privacy and security of certain health information. The Department of Health and Human Services (HHS) has published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.
A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. Given that the health care marketplace is diverse, the Security Rule is designed to be flexible and scalable so a covered entity can implement policies, procedures, and technologies that are appropriate for the entity’s particular size, organizational structure, and risks to consumers’ electronic protected health information (e-PHI).
The Security Rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the HHS has adopted standards under HIPAA (the “covered entities”) and to their Business Associates.
NOAH works with many organizations who may be defined as a Covered Entity under HIPAA.
NOAH has undergone a comprehensive review of all administrative, technical, and physical safeguards to ensure the protection of e-PHI.
Ensuring the confidentiality, integrity, and availability of all e-PHI created, received, maintained, or transmitted
Identifying and protecting against reasonably anticipated threats to the security or integrity of the information
Protecting against reasonably anticipated impermissible uses or disclosures
Ensuring compliance by our workforce
NOAH has implemented the necessary controls to ensure HIPAA compliance including administrative, physical, and technical controls.
NOAH ensures that the data centers have implemented strict facility access policies and all necessary and appropriate controls. Strict policies are in place to ensure e-PHI is only housed in secure locations.
NOAH has implemented appropriate technical safeguards including authentication and authorization for our employees and for user of our applications. Appropriate auditing and integrity controls are in place. All data transmissions to the data centers require encryption. Additional systems have been implemented where appropriate to ensure the highest level of security for our hosted applications.
Further documentation on specific policies and measures in place is available upon request. This Statement of HIPAA Compliance is meant for informational purposes only and not as a form of covenant, warranty, representation or guarantee of any kind. We encourage the use of Business Associate Agreements to address specific compliance requirements.
For further information, please contact us by one of the following methods:
Mail: NOAH Headquarters
308 N Cleveland Massillon Road, Lower Level
Akron, OH 44333
You can call the following telephone number: 330-237-6662