How are we HIPAA Compliant?
We follow the HIPAA compliance guidelines of the Health Insurance Portability and Accountability Act of 1996.
- (a) Recognize that HITECH (the Health Information Technology for Economic and Clinical Health Act of 2009) and the regulations thereunder (including 45 C.F.R. Sections 164.308, 164.310, 164.312, and 164.316), apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity;
- (b) Not use or further disclose the PHI, except as permitted by law;
- (c) Not use or further disclose the PHI in a manner that, had the Covered Entity done so, would violate the requirements of HIPAA;
- (d) Use appropriate safeguards (including implementing administrative, physical, and technical safeguards for electronic PHI) to protect the confidentiality, integrity, and availability of and to prevent the use or disclosure of the PHI other than as provided for by this Agreement;
- (e) Comply with each applicable requirement of 45 C.F.R. Part 162 if the Business Associate conducts Standard Transactions for or on behalf of the Covered Entity;
- (f) Report promptly to the Covered Entity any security incident or other use or disclosure of PHI not provided for by this Agreement of which Business Associate becomes aware;
- (g) Ensure that any subcontractors or agents who receive or are exposed to PHI (whether in electronic or other format) have the Business Associate obligations under this paragraph explained to them and agree to the same restrictions and conditions;
- (h) Make available PHI in accordance with the individual’s rights as required under the HIPAA regulations;
- (i) Account for PHI disclosures for up to the past six (6) years as requested by Covered Entity;
- (j) Make its internal practices, books, and records that relate to the use and disclosure of PHI available to the U.S. Secretary of Health and Human Services for purposes of determining Customer’s compliance with HIPAA;
- (k) Incorporate any amendments or corrections to PHI when notified by Customer or enter into a Business Associate Agreement or other necessary Agreements to comply with HIPAA.
HIPAA Compliant Data Storage
Our database and web servers are hosted with VM Racks, a HIPAA-compliant server host. VM Racks guarantees to meet all HIPAA compliance guidelines.
Secure Encrypted Connections
What does that mean? Anytime you connect to our website to view patient data, you are connecting through a secure, encrypted connection. This is also true with our integration service and web API.
What does that mean?
- Your connection to our site, including uploading and downloading files, is always encrypted.
- We only store the minimum information needed to send your reminders.
- Our servers are secure and PHI is encrypted.
- We will sign a BAA (Business Associate Agreement) with you. Ours can be found here. We can typically sign yours as well if you have your own BAA.