HIPAA Compliance & Security

By Adam Pick - Patient, Author & HeartValveSurgery.com Founder

HeartValveSurgery.com is serious about protecting and securing the information and the technology that powers our website (the “Website”).

We are committed to implementing procedures and policies designed to secure and to protect the data and the processes needed to operate the Website.  We are also very focused on developing, managing and hosting Health Insurance Portability and Accountability Act (“HIPAA”) compliant systems to protect our patient community.

For these reasons, we have taken several steps to enhance the security of this Website and the information systems used to educate and empower patients with heart valve disease. Recent HIPAA and security updates to the HeartValveSurgery.com website include:

HIPAA Compliance Audits & Enhancements. To protect the Website, its infrastructure, its processes and the information shared by patients within our community, HeartValveSurgery.com completed an extensive HIPAA security review by third-party auditors during 2017 and 2022. HeartValveSurgery.com also completed an updated HIPAA Security Risk Analysis in 2020. The audit, and the security upgrades made during it, were extensive. We embedded several new physical and administrative controls to guard information that was shared across HeartValveSurgery.com. The results of this initiative were excellent.

 

 

HIPAA Compliance Certificate

 

 

On March 6, 2017, we received an attestation letter from a security consulting firm that our website was HIPAA compliant. This means that HeartValveSurgery.com has developed an interactive environment with security documentation that has been reviewed by an external third party, which attested that HeartValveSurgery.com is in compliance with over 50 HIPAA Security Rule Administrative, Physical, and Technical Safeguards.

On October 5, 2020, we completed a HIPAA Security Risk Analysis of the physical, technical and administrative environment for HeartValveSurgery.com in compliance with 45 CFR Part 164, HIPAA Security Rule 164.308(a)(1)(ii)(A). The results of that analysis showed no critical or high-risk items within the residual risk breakdown for HeartValveSurgery.com.

On January 21, 2022, we received an attestation letter from a security consulting firm that our website is HIPAA compliant. For reference, please find below a chart that summarizes the System Level HIPAA Security Gap Assessment, which demonstrates 100% compliance for the 51 HIPAA Security Rule standards and specifications. This means that HeartValveSurgery.com has developed an interactive environment with security documentation that has been reviewed by an external third party, which attested that HeartValveSurgery.com is in compliance with all HIPAA Security Rule Administrative, Physical, and Technical Safeguards.

On June 6, 2024, we received another attestation letter from a qualified third-party information security consulting firm that our website is HIPAA compliant. For reference, please find below a chart that summarizes the System Level HIPAA Security Gap Assessment, which demonstrates 100% compliance for the 51 HIPAA Security Rule standards and specifications. This means that HeartValveSurgery.com has developed an interactive environment with security documentation that has been reviewed by an external third party, which attested that HeartValveSurgery.com is in compliance with all HIPAA Security Rule Administrative, Physical, and Technical Safeguards.

 

 

HeartValveSurgery.com HIPAA Security Audit

 

 

Secure Sockets Layer (SSL). In 2017, we moved the website from “http” to “https” to enhance our security. You will now see that a “lock” icon is present on each page of the Website, which indicates that the page is secure.

As you can read here at DigiCert, "SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personal identifiable information or with payroll information)."

Given the ongoing changes in health care, the Internet and information technology, we expect to continue making adjustments and investments to ensure HIPAA compliance and to protect the security of the HeartValveSurgery.com website.

We hope this information is helpful for you to learn about the steps we are taking to ensure your security. For all questions, please contact Adam Pick at adam@heartvalvesurgery.com or (888) 725-4311. You can also write us at 2758 Pacific Coast Highway, #517, Torrance, CA 90505.

 

Page last updated: June 6, 2024

 

Written by Adam Pick
- Patient & Website Founder

Adam Pick, Heart Valve Patient Advocate

Adam Pick is a heart valve patient and author of The Patient's Guide To Heart Valve Surgery. In 2006, Adam founded HeartValveSurgery.com to educate and empower patients. This award-winning website has helped over 10 million people fight heart valve disease. Adam has been featured by the American Heart Association and Medical News Today.
