HIPPA Compliance Statement
Norav Medical Inc. does not anticipate receiving or disclosing any individually identifiable information in the normal course of providing products/services. Should Protected Health Information (PHI) be made available, or obtained by Norav Medical, we do hereby assure our customers that we will:
-
Comply with the rules and regulations concerning the privacy and security of PHI under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
-
Protect against any non-permitted use or disclosure of PHI using no less than a reasonable amount of care.
-
All policies and procedures related to information and physical security are frequently reviewed to ensure they are up to date and follow any new or revised regulation.
-
Report any non-compliance of which we become aware.
-
Have named a HIPAA Security Official who creates, maintains, and trains regarding our HIPAA policies and procedures.
-
Have established that all employees with access to PHI receive training on our policies and procedures according to HIPAA mandates.
-
Automatic expiration of passwords.
-
Account lockouts upon numerous failed log-in attempts.
-
Transcripts and exhibits sent and received through secure file transfer (Citrix’s ShareFile).
-
Data-at-rest encryption.
-
Email verification.
-
Automatic virus scans.
-
Secure data backups.
-
Any potential or actual breaches are logged, investigated, and reported.