HIPAA Compliance

Updated: September 30, 2017

At Odeza, we are committed to ensuring the confidentiality, privacy, integrity, and availability of all electronic Protected Health Information (ePHI) entrusted to us by our clients.

As providers of cloud-based health technology services, Odeza makes every effort to maintain compliance, proactively address information security, mitigate risk for its clients, and assure known breaches are completely and effectively communicated in a timely manner.

Odeza protects the confidentiality of information it receives by adhering to the requirements of the HIPAA Privacy Rule and the HIPAA Security Rule.

  • The Privacy Rule sets the standards for who may have access to PHI, which may be in electronic, oral, or paper form.
  • The Security Rule sets the standards for ensuring that only those who should have access to ePHI will actually have access.
    We comply with all business associate obligations under HIPAA and HITECH, enabling us to provide the highest level of service to our healthcare customers.

Odeza follows the policies and procedures documented in our HIPAA Privacy Policy and also our HIPAA Security Policy. These documents cover areas such as:

  • Technical safeguards implemented to protect and control access to PHI.
  • Physical safeguards implemented for electronic equipment (e.g., cloud infrastructure, workstations, media devices, etc.) used to acquire and store PHI.
  • Training and awareness for staff members who have access to PHI. We respect the privacy of PHI and take security very seriously. Odeza’s services are HIPAA ready and enable providers using the system to comply with its obligations as a Covered Entity.