HIPAA and HITECH compliance are often of concern to employers. To assist, we have prepared the following information to help you navigate our processes and determine if we are a ‘fit’ for your organization.
Business Associate Agreements
We enter into business associate agreements with all of our clients. This is necessary since completing ACA reporting requires coming into contact with Protected Health Information (PHI).
What is PHI?
In most situations, PHI is employee sensitive medical information. However, for HIPAA purposes employee’s social security numbers, dates of hire and status of employment (part time, full time) are also considered PHI. For that reason, we require all clients to enter into a business associate agreement with our company prior to executing ACA reports.
How do we work with PHI?
Each employer client will receive a workbook to assist them in completing their ACA reporting. This workbook will require entering PHI on their employees, namely social security numbers and employment data (such as hire and termination dates). Ultimately this data must be sent to our firm in order to complete your reporting.
The process involves executing a function from excel based workbook stored on the employer’s desktop. Once a client is ready to complete their reporting, they initiate this function which then sends the workbook and PHI to our offsite HIPAA secure web server via an encrypted SSL connection. This data is then swept periodically into our HIPAA secure database. This process allows us to shut down all access to our database other than from our office locations in Greenville, SC and with our specific IP addresses. This encrypted database is maintained by our vendor off site who specializes in HIPAA compliance of database PHI both while it is in transit as well as at rest. We maintain the data for 8 years on behalf of our clients.
Once a client’s PHI is in our database, we then work appropriately from our end via our SSL encrypted connection to the database to create your appropriate 1094 and 1095 forms. These forms are then sent back to our clients. Based upon the final guidance by the IRS, 1095 forms can be completed with truncated social security numbers (i.e. xxx-xx-1234). We were pleased to see this final guidance, and obviously it makes the final step of sending the forms to employers less complicated.
We ultimately will send our clients a .pdf version of the created forms via email.
E-Filing with the IRS and Print/Mailing of forms
These two tasks are handled from our offices in Greenville, SC. We extract the appropriate files from our database via encrypted SSL connection, and then submit them via the IRS’s A.I.R. system to complete the e-filing process. In a similar way, we performing print and mailing services of forms if desired by a client.
Errors and Omissions | Cyber Security Policies
Below you can download a copy of these documents should you desire.