HIPAA

Privacy Statement | Disclaimer | Trademark Info | Copyright Info
Security Guarantee | Legal Statement

XLTEK HIPAA Compliance Statement

Approved in August 1996, the Health Insurance Portability & Accountability Act (HIPAA) requires that the healthcare industry protect the privacy of patient records and promote a national, uniform security standard for the secure electronic transmission of patient-identifiable information. It also requires hospitals to put policies and procedures in place to become HIPAA compliant. The hospital determines how they are going to fulfill HIPAA security requirements; for example, whether by physical access controls, software access controls, or other means.

Under the provisions of HIPAA, vendors bear responsibility for acting as a "Business Associate" when service, application specialist, or other staff are operating under the direct supervision of an authorized caregiver.

XLTEK in Action

How does XLTEK fit in to privacy/security initiatives? XLTEK is committed to designing products to help healthcare providers and payers meet HIPAA requirements. XLTEK’s role is twofold:

  • XLTEK is committed to delivering solutions with embedded privacy, confidentiality protection and security features as per 45 CFR part 164. As well, we will train you on the HIPAA-compliant use of those solutions. 
  • XLTEK is committed to providing secure services and implementing security policies for its staff and associates as per 45 CFR parts 160 and 164.

Services

As per the XLTEK Privacy Policy, all XLTEK personnel upon hire will sign a protected health information confidentiality agreement forbidding them to disclose any patient information seen while on site or performing support services. XLTEK will complete business associate agreements. If no agreement is available from the institution, XLTEK can supply a standard agreement.

1. On-Site Support

XLTEK will seek permission before arrival and before performing any support while on site. Once the visit is complete, XLTEK will provide a written report indicating the services performed.

2. Remote Access

All XLTEK personnel will have a unique user name and password to access hospitals remotely. These user names and passwords will be tracked and maintained by XLTEK. All remote interactions will be logged.

3. Repairs

XLTEK will create backups of data from systems arriving for repair. These backups will be used for the sole intention of repairing the unit. These backups will then be destroyed once the system has been returned. Units that have been returned for repair will be maintained in a secure area with limited access.

Once the repair is complete, XLTEK will provide a written report indicating the repair performed and including the name of the technician.