mumms HIPAA Resources

HIPAA Status
June 2005
mumms® Software has fully passed Medicare HIPAA complience testing, and is near full completion of state by state Medicaid testing. Click here for our current status.

HIPAA Frequently Asked Questions
April 2005
Technical Security Services of mumms® Software

mumms® Business and Clinical Software for Hospice is HIPAA compliant.

Nationwide HIPAA requirements for Medicaid and Medicare transmissions go into effect on October 16, 2003. The new formats required by both federal and state to state policies are integrated within mumms®, as mumms® Software is fully HIPAA compliant.

mumms® Software has passed testing with intermediaries such as Cahaba GBA, Palmetto GBA, and United Government Services.

Confidentiality - allowing access to information only to the appropriate and authorized people. Access control supports confidentiality. This involves establishing access, authorizing access, and modifying access: mumms® users are assigned a unique user-name and password combination to each authorized employee (user).

Integrity – mumms® utilizes unique user-names and passwords to insure that only the appropriate people modify information.

Availability – Using mumms® insures that information resources are present when needed.

Audit Trail – mumms® already issues a Time & Date Stamp for most system entries and traces the origination of the entry to the specific user. An end of the year Schema change has been scheduled which will extend this function to every data entry or change.

mumms® utilizes Public Key Encryption: Encryption converts data into a secret code for transmission over a network using an algorithm that allows only the intended receiver to decode it at the other end.

mumms® utilizes SSH (Secure Shell): (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over unsecured channels. This addresses Technical Security Mechanisms as a further process in place to prevent unauthorized access to data that is transmitted over a communication network.

mumms® developers have proposed: The implementation of an “Idle-Out” feature. Automatically, logging off all machines that have remained inactive for a given period of time. Forcing a user to re-identify them using system authorized user-id and passwords. This feature supports technical Security requirements, but input from mumms® clients is requested. The desire of SCS is to balance security with user convenience. We would appreciate feedback telling us what users think would be a reasonable “idle-out” time.

mumms® developers have proposed: To regularly, every 60 or 90 days, change user passwords. Please give us your thoughts on this implementation.

mumms® developers have proposed: To close user accounts that have not been active for a term of 21 days, assist clients with a program/policy to delete an employee’s user privileges when employment terminates. We could extend this 21-day period for a specific “occasional user” like an Executive Director. Please submit your viewpoint on this.

This site identifies, by section, and specifically dates the current status for each new rule, and also offers excellent details regarding HIPAA compliance.

This site provides the government's strategy for HIPAA. It offers reviews, information, requests, and a wide range of policy initiatives regarding the health care industry.