Contact us: (M – F) 720-982-0101

mobile-logo
Top

Health Insurance Portability & Accountability Act (HIPAA)  Compliance

 

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of individually identifiable health information. The HIPAA Security Rule establishes national standards for the security of electronic protected health information and the HIPAA Breach Notification Rule requires covered entities and business associates to provide notification following a breach of unsecured protected
health information.

Learn more about HIPAA and privacy at: http://www.hhs.gov/ocr/privacy/

 

HIPAA and email

Allows providers to email

  • Provided they use reasonable safeguards when doing so
  • Allows use of encrypted emails for treatment related communication between healthcare providers and patients as long as efforts are reasonably applied to protect privacy (PHI)
  • Generally not recommended unless with full disclosure with clients

 

HIPAA and Cell Phones/Mobile Devices

  • Cell phone companies do not see the benefit of being HIPAA compliant and signing a Business Associate Agreement (BAA) with organizations
  • 66% of reported security breaches were due to the theft of mobile devices
  • 81% (2000+) MDs access patient records with their mobile devices

 

HIPAA and Texting

If the content contains protected health information (PHI) it must be HIPAA compliant, and it is the senders responsibility to ensure compliance

  • All it takes is one piece of ID info (name or ID#) with one piece of private info (labs, appointments, diagnosis) to break confidentiality
  • Again, cellular companies will not sign a BAA
    • You cannot guarantee secure travel of message from point to point
    • Cannot guarantee cellular providers are not reading and or archiving messages – or that the government (or others) are not intercepting
    • This applies even when sending a text to yourself
    • There are encryption programs available

 

HIPAA & Videoconferencing

Criteria for HIPAA Compliance

  • Provide audit trails of usage
  • Provide notifications of breaches
  • Offer tech support
  • Signed a Business Associate Agreement (BAA)
  • High level of encryption

HIPAA compliant programs:

  • Secure Telehealth
  • Secure Videoconference
  • VIA3
  • Vidyo/ID Solutions
  • VSee
  • Telemedicine IM
  • eTherapi
  • PASS
  • Zoom
  • Business SKYPE
  • Google (with Google Hangouts does offer a BAA for Business, Education, or Government domain)
  • Theranest (highly recommended for private practice since it includes a client portal)