Compliance Requirements

Kindly get acquainted with the Compliance requirements. Everyone is responsible to comply with these requirements.

HopeQure is dedicated to delivering the best quality of health care, including protection for the right of patients to protect their health information's privacy and security.In the federal law known as the Health Insurance Portability and Accountability Act (HIPAA), the requirements for protecting health information are defined.HIPAA and HOPEQURE'S regulations extend to protected information records referred to as "Protected Health Information" or "PHI." by HIPAA

HopeQure's policies are designed to ensure the appropriate privacy and security of all PHI across the organisation, in compliance with the law. HopeQure maintains an effective and efficient security posture and applies a proactive stance on security issues from everyone. All the members of HopeQure are responsible to adhere to the security policies and procedures and to take issue with those who are not doing the same. Security is not just focused on physical and technical “border control.” Rather, HopeQure seeks to ensure reasonable and appropriate levels of security awareness and protection throughout our organization and infrastructure. There is no place in HopeQure where security is not the consideration.

HopeQures's HIPAA policies are outlined herein below:

All users are expected to be familiar with and comply with the policy.

  1.  All employees will be appropriately trained on the organization’s Information Security policies and kept up-to-date on any additions or changes to the policies. Training is mandatory prior to receiving access to information or services.
  2. HopeQure staff shall not reveal sensitive information on answering machines that are shared, can be accessed by others or could be the wrong voicemail box.
  3. They do not send or receive sensitive or confidential messages on facsimile machines that store messages.
  4. The recipient’s facsimile information is verified with the recipient prior to sending confidential information. The confidential information shall not be sent until the recipient has stated that the information can be sent.
  5. Employees are prohibited from recording confidential information with tape recorders, digital/analog recording devices, etc., without the consent.
  6. Sensitive information shall be protected from unauthorized access or modification. All systems will be tested prior to acceptance, including a vulnerability assessment or scan prior to being permitted to connect to the HopeQure network. This is to ensure that security controls are in place and the new system complies with the design and function required.
  7. All users are supposed to immediately report suspected security weaknesses in, or threats to, systems or services to management or service providers Automatic password protect on 15 minutes of inactivity.
    • System accounts (i.e., non-interactive accounts for applications or systems) must use passwords that meet or exceed the password composition requirements. System-level passwords must be changed at least once every 90 days. This includes shared secret keys for encryption of connections All user-level and system-level passwords must conform to the requirement described below :
      1. Passwords will be at least 7 non-sequential characters long.
      2. Passwords will be composed of alpha-numeric characters.
      3. Passwords will contain at least 3 of the 4 characteristics below:
        • alphabet character
        • upper case letter
        • number
        • non alpha-numeric character
  8. All e-mail attachments shall be scanned when entering the network or server scanned prior to use. All unauthorized files or amendments are to be thoroughly investigated.
  9. HopeQure requires all users to immediately report suspected security weaknesses in, or threats to, systems or services to management or service providers. These weaknesses should only be reported if actually discovered by the user.
  10. Every asset has an “owner”, who remains ultimately responsible for the asset.These assets include all the devices; laptops , desktops and cell phones. Each asset classification has handling and protection rules. These rules must cover any media the assets may reside in at any time. Following HIPAA security measures should be applied to all the assets. :
    • All computer-resident confidential information is protected via access controls to ensure that it is not improperly disclosed, modified, deleted or otherwise rendered unavailable.
    • Recording confidential information with tape recorders, digital/analog recording devices, etc., without the consent is prohibited
    • All users are supposed to immediately report suspected security weaknesses in, or threats to, systems or services to management or service providers
    • Automatic password protect on 15 minutes of inactivity
    • The data on all the devices accountable as assets must be encrypted along with the backup data encryption.
    • Anti-virus/ anti- spyware installed and updated on all the devices.
    • All the applications seeming to increase the vulnerability shall be removed.
    • Proxy servers are used for protection or by removing administrative privileges.
    • Security distribution through the central computer management software.
    • All devices installed with recent and updated operating systems.

    • Dispose of devices containing PHI using the Environmental Health and Safety universal waste request process and securely store the device until pick up.

    • Usage of only safe and secure wireless data networking
      • -use only secure (WPA-2) WiFi networks trustworthy to Hopequre
      • - All bluetooth devices to be secured by passwords and pins.
  11. No unauthorized or illegal software will be used.
  12. HopeQure implements procedures, user awareness, and change controls to detect and prevent the introduction of malicious software into the organization’s computing environment. To protect the integrity of software and information by promoting procedures and user actions to mitigate the risks of the introduction of malicious software into the organization.

Consequences for security violations: Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. HopeQure is subject to numerous National, State and Federal Information Security and Privacy laws and regulations, which if not complied with, could potentially result in fines, audits, loss of member confidence, and direct financial impacts to HopeQure. Compliance with all applicable regulations is the responsibility of every employee at HopeQure. Everyone at HopeQure is responsible for familiarizing themselves with and complying with all HopeQure’s policies, procedures and standards dealing with information security.