SXC’s Privacy Officer and Security Officer are responsible for the analysis and implementation of items mandated by HIPAA Administrative Simplification. This includes the transaction standards, code sets, and the rules concerning privacy and security.
SXC has developed and implemented detailed HIPAA policies and procedures, including the requirement of HIPAA training for all SXC employees. This mandatory training focuses on the HIPAA privacy standards, including the permitted uses and disclosures of individually identifiable health information (also known as “Protected Health Information”) and the minimum necessary standard as it relates to such uses and disclosures. The minimum necessary information to be used and disclosed by SXC personnel is defined on a job-by-job basis and security measures have been introduced or enhanced to control access to Protected Health Information.
SXC has undertaken a number of initiatives to ensure that its software and services comply with the security standards of HIPAA. Again, education has been in the forefront as we have worked to ensure that all of our personnel are continually trained and mindful of these provisions in their responsibilities. Additionally, we have undertaken efforts in the four primary areas defined in the security regulations: administrative safeguards, physical safeguards, technical safeguards and organizational requirements.