Wavetec is currently compliant with SOC 2 Type II, ISO 27001:2013, ISO 9001:2015, and GDPR in an effort to reinforce our belief that the protection of customer data is of top priority.
This blog post describes Wavetec’s compliance with HIPAA, the national standard for protecting sensitive health information. As a covered entity, Wavetec uses and discloses individuals’ health information subject to HIPAA’s Privacy Rule.
About HIPAA
The objective of HIPAA compliance is the protection of patients’ sensitive health information. Any organization that works with healthcare data must implement the HIPAA privacy rules.
The US Department of Health and Human Services (HHS) issued HIPAA in 1996. The main purpose of HIPAA’s privacy rule is to give patients the opportunity to consent before their health information is disclosed.
Under the administrative provisions of HIPAA, any information that is transferred electronically must follow a specific set of standards to ensure the confidential handling of healthcare data.
The Health Insurance Portability and Accountability Act (HIPAA) is legislation that provides data privacy and security provisions to keep patients’ medical information safe. The act contains five sections:
- Title I: HIPAA Health Insurance Reform.
- Title II: HIPAA Administrative Simplification.
- Title III: HIPAA Tax-Related Health Provisions.
- Title IV: Application and Enforcement of Group Health Plan Requirements.
- Title V: Revenue Offsets.
Title II can be further broken down into sub-sections, of which the Privacy Rule and the Security Rule are paramount for any IT provider, but let’s hear it directly from the source:
“HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronically protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.” (U.S. Department of Health and Human Services – HHS)
How Wavetec’s compliance with HIPAA benefits you
Although there is no certification for HIPAA, organizations reduce their risk by putting the necessary processes and policies in place, taking part in training provided by the OCR, and, last but not least, choosing a technology vendor that is compliant with HIPAA.
We prioritize our customers’ security and privacy above all. Thus, compromising on the set regulations and standards of privacy, PHI, and ePHI is not an option for us.
The main information we need to protect is:
- Basic information about a patient: name, address, birth date, social security number, and other information that could be used to identify the patient.
- The physical and mental health condition of a patient.
- Any service and care that is provided to the patient, and also the payment for said services.
With Wavetec, you do not have to worry about the data breaches that often occur due to a lack of security and privacy regulations.
As Wavetec directly or indirectly offers its solutions and support to the healthcare industry, it is important for the organization to save, access, and share public information as per policy and law, and to apply the same to Protected Health Information (PHI) and electronic personal health information (ePHI).
To fully comply with HIPAA privacy requirements, Wavetec puts administrative, physical, and technical safeguards in place to ensure the protection of health data while maintaining the confidentiality, integrity, and availability of PHI/ePHI.
This also covers guidelines for data backups, so that patient information can be recovered in case of electronic failures.
As for physical safeguards, we limit access to and use of both electronic media and workstations. This includes all methods of data transfer, whether through email, a private network such as a cloud network, or over the internet.
Secondly, we have technical safeguards. As a HIPAA-compliant organization, Wavetec allows only authorized personnel to access Electronic Protected Health (EPH) data. Several access controls are implemented, including unique user IDs, automatic log-off, encryption and decryption, and an emergency access procedure.
Wavetec takes pride in operating as a secure organization. This benefits both the organization’s reputation and the protection of its customers. Associate yourself with an organization that complies with the privacy and security of your data.
Is Wavetec the right choice as a Queue Management System supplier?
For over 20 years, Wavetec has been closely following international standards related to data privacy and information security, which, combined, make us the preferred choice for enterprise software solutions for queue management systems:
- ISO 9001 (international standard for quality management systems)
- ISO 27001 (international standard for information security)
- HIPAA (Health Insurance Portability And Accountability Act – United States)
- SOC 2 (American standards to manage customer data)
- GDPR (General Data Protection Regulation of the European Union)
Moreover, Wavetec is incorporated in 9 countries (United States of America, Mexico, Chile, Peru, Spain, United Arab Emirates, Saudi Arabia, Pakistan, and Kenya) and has representatives in over 70 countries to ensure we are close to our clients before, during, and after the implementation of our systems.
Last but not least, Wavetec has for years remained a supplier of technology solutions for large organizations and government entities that follow very strict and transparent procedures during the selection process. To mention but a few: HSBC, Emirates Airlines, Delta Airlines, Nike, and CalPERS (California Public Employees’ Retirement System). Moreover, within the healthcare industry, Wavetec provides queue management solutions to over 10 National Ministries of Health and 43 Private Hospitals & Clinics.
Wavetec is also part of Endeavor, a Growth Accelerator headquartered in New York City.
For further information and clarifications, feel free to email compliance@test.wavetec.com