Compliance & Regulations
MaxMD is one of the first companies in the nation to complete the EHNAC DTAAP Accreditation program as a HISP, CA and RA. The MaxMD Direct Certificate is one of the first Direct Certificates to be accepted into the DirectTrust Anchor Bundle. This ensures that MaxMD Direct Messages enjoy interoperability with all DirectTrust HISPs.
The MaxMD product suite is 100% compliant with HIPAA's Security Standards and Technical Safeguards relative to the use, transmission, storage, and protection of ePHI:
STANDARD 164.312(a)(1) Access Control
A covered entity is required to: "Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4) [Information Access Management]".
EMERGENCY ACCESS PROCEDURE (R) - 164.312(a)(2)(ii)
Requires a covered entity to: "Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency."
AUTOMATIC LOGOFF (A) - 164.312(a)(2)(iii)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must: "Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity."
ENCRYPTION AND DECRYPTION (A) - 164.312(a)(2)(iv)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must: "Implement a mechanism to encrypt and decrypt electronic protected health information."
STANDARD 164.312(b) Audit Controls
The Integrity standard requires a covered entity to: "Implement policies and procedures to protect electronic protected health information from improper alteration or destruction." There is one addressable implementation specification in the Integrity standard.
MECHANISM TO AUTHENTICATE ELECTRONIC PROTECTED HEALTH INFORMATION (A) - 164.312(c)(2)
The covered entity must: "Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner."
STANDARD 164.312(d) Person or Entity Authentication
This standard requires a covered entity to: "Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed."
STANDARD 164.312(e)(1) Transmission Security
This standard requires a covered entity to: "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network."
INTEGRITY CONTROLS (A) - 164.312(e)(2)(i)
The covered entity must: "Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of."
ENCRYPTION (A) - 164.312(e)(2)(ii)
The covered entity must: "Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate."
MaxMD's product suite supports the National eHealth Collaborative's 5 Phases of Patient Engagement Framework:
1) Inform Me
2) Engage Me
3) Empower Me
4) Partner with Me
5) Support My E-community