HIPAA Compliance & Security
HeartValveSurgery.com is serious about protecting and securing the information and the technology that powers our website (the “Website”).
We are committed to implementing procedures and policies designed to secure and to protect the data and the processes needed to operate the Website. We are also very focused on developing, managing and hosting Health Insurance Portability and Accountability Act (“HIPAA”) compliant systems to protect our patient community.
For these reasons, we have taken several steps to enhance the security of this Website and the information systems used to educate and empower patients with heart valve disease. Recent HIPAA and security updates to the HeartValveSurgery.com website include:
HIPAA Compliance Audits & Enhancements. To protect the Website, its infrastructure, its processes and the information shared by patients within our community, HeartValveSurgery.com completed an extensive HIPAA security review by third-party auditors during 2017 and 2022. HeartValveSurgery.com also completed an updated HIPAA Security Risk Analysis in 2020. The audit, and the security upgrades made during it, were extensive. We embedded several new physical and administrative controls to guard information that was shared across HeartValveSurgery.com. The results of this initiative were excellent.
On March 6, 2017, we received an attestation letter from a security consulting firm that our website was HIPAA compliant. This means that HeartValveSurgery.com has developed an interactive environment with security documentation that has been reviewed by an external third-party which attested that HeartValveSurgery.com is in compliance with over 50 HIPAA Security Rule Administrative, Physical, and Technical Safeguards.
On October 5, 2020, we completed a HIPAA Security Risk Analysis of the physical, technical and administrative environment for HeartValveSurgery.com in compliance with 45 CFR Part 164, HIPAA Security Rule 164.308(a)(1)(ii)(A). The results of that analysis showed no critical or high-risk items within the residual risk breakdown for HeartValveSurgery.com.
On January 21, 2022, we received an attestation letter from a security consulting firm that our website is HIPAA compliant. For reference, please find below a chart that summarizes the System Level HIPAA Security Gap Assessment which demonstrates 100% compliance for the 51 HIPAA Security Rule standards and specifications. This means that HeartValveSurgery.com has developed an interactive environment with security documentation that has been reviewed by an external third-party which attested that HeartValveSurgery.com is in compliance with all HIPAA Security Rule Administrative, Physical, and Technical Safeguards.
On June 6, 2024, we received another attestation letter from a qualified third party information security consulting firm that our website is HIPAA compliant. For reference, please find below a chart that summarizes the System Level HIPAA Security Gap Assessment which demonstrates 100% compliance for the 51 HIPAA Security Rule standards and specifications. This means that HeartValveSurgery.com has developed an interactive environment with security documentation that has been reviewed by an external third-party which attested that HeartValveSurgery.com is in compliance with all HIPAA Security Rule Administrative, Physical, and Technical Safeguards.
On November 25, 2024, we implemented a novel HIPAA-Compliant Analytics Solution across HeartValveSurgery.com to adhere to the Health & Human Services Bulletin regarding online tracking technologies. Our solution leverages an agnostic analytics engine, a data warehouse, de-hashing and de-identifying transformations within the data warehouse, and other strategies to report key performance indicators in a HIPAA-compliant environment. As a result, we can continue to leverage analytics for the effective management and reporting of de-identified analytics from Google Analytics 4, Google Adwords, Facebook, CallRail, etc.
Secure Socket Layer (SSL). In 2017, we moved the website from “http” to “https” to enhance our security. You will now see that a “lock” icon is present on each page of the Website which indicates that the page is secure.
As you can read here at DigiCert, "SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personal identifiable information or with payroll information)."
Given the ongoing changes in health care, the Internet and information technology, we expect to continue making adjustments and investments to ensure HIPAA compliance and to protect the security of the HeartValveSurgery.com website.
We hope this information is helpful for you to learn about the steps we are taking to ensure your security. For all questions, please contact Adam Pick at adam@heartvalvesurgery.com or (888) 725-4311. You can also write us at 2758 Pacific Coast Highway, #517, Torrance, CA 90505.
Page last updated: December 12, 2024