Human Arc Compliance Statement

• To protect informational privacy.
• To ensure ethical business conduct.

As a leader in the industry of healthcare reimbursements and revenue enhancements, Human Arc provides technical knowledge to our customers regarding its compliance with the requirements for handling and exchange of patient information as defined in the Health Insurance Portability and Accountability Act (HIPAA) enacted in 1996 as well as subsequent U.S. Department of Health and Human Services (HHS) standards.  We also comply fully with all legal responsibilities as a business associate to our clients as defined in the 2009 American Recovery and Reinvestment Act, or ARRA; effective February 17, 2010, Human Arc has been liable and responsible for the protected health information (PHI) entrusted to us by our hospital and health plan clients.

Human Arc as a Business Associate to Our Clients

Human Arc, as a business associate to our clients, has adopted many of the policies and procedures now in place for covered entities, and we have implemented many of the same technical protections in the same manner as covered entities.  Among other things, we have:

• Implemented physical safeguards for all workstations that access electronic PHI, restricting access to only authorized users.
• Ensured, through a partnership with Sprint and Microsoft Corporation, that our e-mail communications containing PHI are fully complaint as well.  E-mail that contains PHI is encrypted and sent to a secure message center for retrieval.  During this process, our clients are notified that they have a secure message and are given a web link to retrieve that communication (there is a one-time registration process to retrieve secure e-mail from a Human Arc associate). 
• Put into place hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic PHI.
• Assigned unique names and/or numbers for identifying and tracking user identity.
• Implemented a security awareness and training program which every Human Arc employee has taken (and passed its knowledge examination).
• Conducted an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic PHI held by business associates.
• Incorporated privacy and security rules newly applicable to business associates into Business Associate Agreements with covered entities.

Fortunately, Human Arc has always taken direction from its clients as far as what HIPAA and other subsequent regulatory requirements are mandatory to follow in order to do business with them.  We have made every effort possible to provide our services using the highest level of protection and security.  For this reason, Human Arc did not have much work to do to comply 100% with the recent ARRA business associate requirements.

Human Arc HIPAA Compliance

Human Arc’s Corporate Compliance Officer meets with fellow company leaders and legal counsel, monitors key web sites and printed materials, and attends conferences to remain a knowledgeable and credible resource of the latest HIPAA, ARRA and other regulatory information. As a result of continual research, necessary recommendations are made for accommodations within our systems, software and processes as appropriate to ensure Human Arc meets or exceeds federal and state compliance mandates for safeguarding and protecting PHI.

Please contact Human Arc with questions you may have.

Jenny Roman
Corporate Compliance Officer
Human Arc

1457 East 40th Street
Cleveland, Ohio 44103
216.431.5200 | 800.828.6453 | Fax 216.431.5201