Physician Billing Services
HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlined changes in the provision of healthcare and the management of paper and electronic records. Such changes focused primarily on defining standards in a) medical information transport, b) medical transaction set formats for transmitting or handling electronic claims, remittance, and eligibility information, and c) overall protection and confidentiality of patient-identifiable information. Porteck intends to be fully compliant with each of HIPAA's requirements

Here is a breakdown of the current HIPAA requirements and Porteck's actions to accommodate each:

A) In line with HIPAA's first goal to promote industry-wide use of electronic transactions and transmission of information, the Act provides a strong disincentive to those using paper claims management. After October 16, 2003, covered entities, including health plans, clearinghouses, and any providers who submit information electronically, will be prohibited from submitting paper claims to Medicare. Instead, submission of electronic, HIPAA-compliant, Medicare claims will be a precondition to payment. HIPAA will also require that such electronic transmission be secure.

To this end, Porteck attempts to send all submitted claims electronically. Porteck only sends claims on paper to payors that currently do not accept electronic submission. Porteck's internet transactions are secured by Secure HTTP (HTPPS) using 128-bit encryption, the highest level of encryption, from the browser to the database and back.

B) Porteck has taken significant measures to ensure that our transaction set formats, a second major HIPAA regulation, will be compliant as well. All claims data is transmitted to the payors in the specific 837 ANSI data formats required by HIPAA.

C) Finally, in addition to proper information transmission and data formatting, HIPAA also enforces the overall protection and confidentiality of patient information. Security is crucial for practitioners, and patients want to know that their medical data will stay private.

Porteck understands these concerns and uses the latest Web technologies to ensure security. First, to access information, Porteck employees must supply a username and password when logging into Porteck systems; please note that Porteck systems cannot be accessed remotely. This username and password is encrypted and sent to Porteck's databases for verification. Upon authentication, a secure session is started using Secure HTTP (HTTPS). Porteck's firewall architecture prevents unauthorized access to the network and back-end databases. Additionally, the Porteck system tracks user login/logout times; an internal audit group conducts regular audits of system usage. All Porteck employees must sign a Non-disclosure/Confidentiality Agreement, and all facility ID/pass cards, system user ID's and email addresses are shut down immediately upon an employee leaving the company.

Porteck also has a disaster recovery plan in place to safeguard all systems. We have redundant servers safeguarding all information with daily data and weekly email backups.

Please feel free to email any questions, issues or clarifications to: info@porteck.com