Privacy and Confidentiality

HIPAA requires all covered entities (providers, payors, clearinghouses) and their business associates who have access to protected health information (PHI) to protect patient privacy and confidentiality. This is how Apollo helps a physician enforce HIPAA privacy requirements:

- The patient is served a Notice of Privacy Practices at the time he makes an appointment online. The same notice can be printed and signed by the patient with a single click at the 'Apollo Check in/Check out' screen.
- A Notice of Authorization for release of patient information, which allows providers to release PHI to payors and other entities, is also available to print with a single click.
- The patient has access to all his medical information online. He also has the authority to release his information and can amend his personal information online.
- The designated officer at Apollo enforces HIPAA policies and regulations.
- All business associates of Apollo are either HIPAA certified or must sign and enforce privacy and security agreements according to HIPAA guidelines.
Security

There are several guidelines (currently in draft form) that will form the HIPAA security regulations, and they will likely become compliance requirements for providers in 2004. We at Apollo are closely monitoring these guidelines in order to help our physicians implement them effectively and efficiently. Apollo has taken the following measures to enforce administrative, technical, and physical security of patient information:

- In Apollo, audit trails record all accesses to and edits of patient records.
- A unique and confidential user identification number and password are required to access any patient information.
- User accounts are automatically logged off after a specified period of inactivity to help prevent unauthorized access.
- All Apollo staff and business associates are required to sign and follow strict security contracts to ensure the security of patient information.
- Apollo is hosted at an extremely secure facility which is HIPAA certified. The patient information is secured both physically and technically.
- 128-bit encryption, Secure Sockets Layer (SSL) and firewalls protect all system data.
- Application and database servers are accessible only over extremely secure connections by a limited set of authorized personnel.
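The audit-trail and auto-logoff controls above can be modelled in a few dozen lines. The following is an added example, not Apollo's code: an in-memory patient-record service in which every read or edit is appended to an audit trail, and a session that stays idle longer than the configured period is logged off automatically on its next use. The 15-minute idle period, the user and patient identifiers, and the class and method names are all assumptions for illustration; the page gives no such values. Timestamps are passed in rather than read from the clock so the timeout behaviour is deterministic.

```python
"""Idle-timeout sessions with an append-only access audit trail.

Added example (not Apollo's code). Demonstrates two controls: every
access to or edit of a patient record is recorded with who, when and
what, and a session idle longer than the configured period is
automatically logged off before it can touch another record.
"""
import secrets
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed policy value; the page names no period


@dataclass
class Session:
    user_id: str
    last_activity: float  # seconds; injected by the caller for testability
    active: bool = True


@dataclass
class AuditEvent:
    time: float
    user_id: str
    patient_id: Optional[str]
    action: str  # LOGIN, VIEW, EDIT, AUTO_LOGOFF or DENIED


class PatientRecordService:
    def __init__(self, idle_timeout: float = IDLE_TIMEOUT_SECONDS) -> None:
        self.idle_timeout = idle_timeout
        self.sessions: dict = {}
        self.audit: list = []    # append-only; nothing here is ever edited or pruned
        self.records: dict = {}  # patient_id -> record fields (constructed data only)

    def login(self, user_id: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # unpredictable session identifier
        self.sessions[token] = Session(user_id, now)
        self.audit.append(AuditEvent(now, user_id, None, "LOGIN"))
        return token

    def _session(self, token: str, now: float) -> Optional[Session]:
        """Return the live session for token, or None (with an audit entry) if
        the token is unknown, already logged off, or idle past the timeout."""
        s = self.sessions.get(token)
        if s is None or not s.active:
            self.audit.append(AuditEvent(now, s.user_id if s else "unknown", None, "DENIED"))
            return None
        if now - s.last_activity > self.idle_timeout:
            s.active = False  # auto-logoff: the token is dead from here on
            self.audit.append(AuditEvent(now, s.user_id, None, "AUTO_LOGOFF"))
            return None
        s.last_activity = now
        return s

    def view(self, token: str, patient_id: str, now: float) -> Optional[dict]:
        s = self._session(token, now)
        if s is None:
            return None
        self.audit.append(AuditEvent(now, s.user_id, patient_id, "VIEW"))
        return self.records.get(patient_id)

    def edit(self, token: str, patient_id: str, changes: dict, now: float) -> bool:
        s = self._session(token, now)
        if s is None:
            return False
        self.records.setdefault(patient_id, {}).update(changes)
        self.audit.append(AuditEvent(now, s.user_id, patient_id, "EDIT"))
        return True

    def audit_for_patient(self, patient_id: str) -> list:
        """Everything the trail shows for one patient: the answer to
        'who looked at or changed this record, and when?'"""
        return [e for e in self.audit if e.patient_id == patient_id]


if __name__ == "__main__":
    svc = PatientRecordService()
    tok = svc.login("dr_example", now=0.0)          # constructed user id
    svc.edit(tok, "P001", {"phone": "555-0100"}, now=10.0)
    svc.view(tok, "P001", now=20.0)
    svc.view(tok, "P001", now=20.0 + IDLE_TIMEOUT_SECONDS + 1)  # idle too long
    for e in svc.audit:
        print(f"{e.time:8.1f} {e.user_id:12} {e.patient_id or '-':6} {e.action}")
```

The denial path is logged as well as the successes: a trail that records only what was allowed cannot show an attempted use of a stale token, which is exactly the event a reviewer wants to see.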
Electronic transactions

HIPAA mandates that all electronic exchanges of health information be conducted according to specific standards. Under this requirement, as of October 16, 2003, all current electronic transaction formats for claims, eligibility, remittance and other functions must be replaced by a nationally standardized set of transaction formats: the ANSI X12 format. At Apollo we have built our Electronic Data Interchange (EDI) on all such ANSI X12 formats.

The Apollo EDI produces HIPAA-compliant files for all such functions (837 for claims, 270 for eligibility verification, etc.). Apollo EDI also receives and parses all HIPAA-compliant files it receives (835 for remittance advice, etc.). Future EDI enhancements will also be based on HIPAA compliance. At Apollo we are systematically testing ANSI claims on a payor-by-payor basis to address payor-specific companion guidelines. We are willing to clear and provide any third-party certification if requested by any of our physicians, even if it is not required by HIPAA.
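An X12 file carries its own delimiters, so a receiver has to read the fixed-width ISA envelope before it can split anything. The following is an added example, not Apollo's EDI code: a minimal parser that takes the element, sub-element and segment delimiters from the ISA segment, splits the interchange into segments, lists the transaction sets it contains by their ST01 identifier (837, 270, 835 and so on), and checks that each SE trailer's segment count and control number agree with its ST header. The sample interchange is constructed for this example and contains no real PHI; the sender and receiver IDs and control numbers are placeholders.

```python
"""Minimal ANSI X12 interchange parser with envelope checks.

Added example (not Apollo's EDI). The ISA segment is the only fixed-width
segment in X12 (106 characters): the element separator is at offset 3,
the sub-element separator at offset 104 and the segment terminator at
offset 105. Everything after it is split using those characters.
"""
from dataclasses import dataclass, field

# Constructed sample (no real data): one interchange holding an 837 claim
# in an HC functional group and a 270 eligibility inquiry in an HS group.
# f-string padding guarantees the fixed ISA element widths.
SAMPLE_X12 = (
    f"ISA*00*{'':10}*00*{'':10}*ZZ*{'SENDERID':15}*ZZ*{'RECEIVERID':15}"
    "*030901*1200*U*00401*000000001*0*T*:~"
    "GS*HC*SENDERID*RECEIVERID*20030901*1200*1*X*004010X098A1~"
    "ST*837*0001~"
    "BHT*0019*00*0123*20030901*1200*CH~"
    "SE*3*0001~"
    "GE*1*1~"
    "GS*HS*SENDERID*RECEIVERID*20030901*1200*2*X*004010X092A1~"
    "ST*270*0002~"
    "BHT*0022*13*10001234*20030901*1200~"
    "SE*3*0002~"
    "GE*1*2~"
    "IEA*2*000000001~"
)

ISA_LENGTH = 106


@dataclass
class Interchange:
    element_sep: str
    subelement_sep: str
    segment_term: str
    segments: list = field(default_factory=list)  # each segment is a list of elements


def parse_x12(raw: str) -> Interchange:
    """Split an interchange into segments using the delimiters declared in ISA."""
    if not raw.startswith("ISA") or len(raw) < ISA_LENGTH:
        raise ValueError("missing or truncated ISA envelope")
    element_sep, subelement_sep, segment_term = raw[3], raw[104], raw[105]
    if len({element_sep, subelement_sep, segment_term}) != 3:
        raise ValueError("ISA delimiters must be three distinct characters")
    inter = Interchange(element_sep, subelement_sep, segment_term)
    for seg in raw.split(segment_term):
        seg = seg.strip("\r\n")  # tolerate files wrapped with a newline per segment
        if seg:
            inter.segments.append(seg.split(element_sep))
    return inter


def transaction_sets(inter: Interchange) -> list:
    """(ST01 transaction set id, ST02 control number) for every ST segment."""
    return [(seg[1], seg[2]) for seg in inter.segments
            if seg[0] == "ST" and len(seg) >= 3]


def envelope_problems(inter: Interchange) -> list:
    """Check each ST/SE pair: SE01 must equal the segment count from ST through
    SE inclusive, and SE02 must repeat ST02. Returns a list of findings."""
    problems = []
    open_st = None  # (control number, index of the ST segment)
    for i, seg in enumerate(inter.segments):
        if seg[0] == "ST":
            if open_st is not None:
                problems.append(f"ST {seg[2]} opened before SE of {open_st[0]}")
            open_st = (seg[2], i)
        elif seg[0] == "SE":
            if open_st is None:
                problems.append(f"SE {seg[2]} without a matching ST")
                continue
            ctrl, start = open_st
            actual = i - start + 1
            if seg[2] != ctrl:
                problems.append(f"SE control {seg[2]} does not match ST control {ctrl}")
            if not seg[1].isdigit() or int(seg[1]) != actual:
                problems.append(f"SE count {seg[1]} != {actual} segments in set {ctrl}")
            open_st = None
    if open_st is not None:
        problems.append(f"ST {open_st[0]} has no SE")
    return problems


if __name__ == "__main__":
    inter = parse_x12(SAMPLE_X12)
    for ts_id, ctrl in transaction_sets(inter):
        print(f"transaction set {ts_id}, control number {ctrl}")
    print("envelope problems:", envelope_problems(inter) or "none")
```

Rejecting a file whose SE counts or control numbers disagree with its ST headers, before any claim or remittance data is acted on, is the cheap first gate of a receiver: a truncated or spliced transmission fails here rather than producing a partially posted 835.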