MSI HIPAA Statement

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlined changes in the provision of healthcare and the management of paper and electronic records. Such changes focused primarily on defining standards in a) medical information transport, b) medical transaction set formats for transmitting or handling electronic claims, remittance, and eligibility information, and c) overall protection and confidentiality of patient-identifiable information.

Medi-Syn intends to remain fully compliant with each of HIPAA's requirements and looks forward to each of our partners also becoming compliant since downstream transaction efficiencies will be realized from the widespread adoption of such standardized electronic interfaces.

Here is a breakdown of the current HIPAA requirements and Medi-Syn's actions to accommodate each one:

In line with HIPAA's first goal to promote industry-wide use of electronic transactions and transmission of information, the Act provides a strong disincentive to those using paper claims management. After October 16, 2003, covered entities, including health plans, clearinghouses, and any providers who submit information electronically, will be prohibited from submitting paper claims to Medicare. Instead, submission of electronic, HIPAA-compliant, Medicare claims will be a precondition to payment. HIPAA will also require that such electronic transmission be secure. To this end, Medi-Syn attempts to send all submitted claims electronically. Medi-Syn only sends claims on paper (through its clearinghouse partner) to payors that currently do not accept electronic submission. Over 85% of all claims that go through Medi-Syn's practice management system are submitted to the payors electronically. Medi-Syn has also partnered with Verisign, the leading provider of digital trust services in electronic commerce and communications. Verisign is powered by a global infrastructure that manages more than seven billion communications and transactions a day. With Verisign, Medi-Syn's trusted transactions over the Internet are secured by Secure HTTP (HTPPS) using 128bit encryption, the highest level of encryption, from the browser to the database and back.

Medi-Syn has taken significant measures to ensure that our transaction set formats, a second major HIPAA regulation, be compliant as well. To this end, we have secured the right to electronically submit and receive HIPAA compliant ANSI 835 and 837 datasets directly with EDS, NHIC, Blue Cross, Cigna, AIA and a variety of other payors. For all other claims, we utilize the clearing house services of Office Ally. The clearinghouse ensures that the claims data they receive are transmitted to the payors in the specific 837 ANSI data formats required by HIPAA. In the face of state and federal medical data compliance regulations, Office Ally is naturally very committed to HIPAA as well. You can read about our their HIPAA policy at: http://www.officeally.com

Finally, in addition to proper information transmission and data formatting, HIPAA also enforces the overall protection and confidentiality of patient information. Security is crucial for practitioners, and patients want to know that their medical data will stay private.

Medi-Syn understands these concerns and uses the latest Web technologies to ensure security. First, to access information, users must supply a username and password when logging into the Medi-Syn website. This username and password is encrypted and sent to Medi-Syn's databases for verification. Upon authentication, a secure session is started using Secure-HTTP (HTTPS). If a session times out (perhaps due to interruptions at the office), the password must be supplied again to continue working. This ensures that only the authorized personnel who know the password can access data via our Medi-Net software applications. Medi-Syn's firewall architecture prevents unauthorized access to the network and back-end databases. From Medi-Syn's standpoint, Medi-Syn's headquarters is located in a secure facility with multiple security systems that summon police immediately if compromised and all Medi-Syn employees must sign a nondisclosure agreement upon the start of their employment.

Please feel free to email any questions, issues or clarifications to: ComplianceOfficer@Medi-Syn.com or call us at 1-800-MEDI-SYN and ask for the Compliance Officer.