HIPAA Compliant Services
What is HIPAA?
HIPAA, an acronym taken from the Health Insurance Portability and Accountability act of 1996, is legislation in the United States that provides data privacy and security provisions for personal health information. The hhs.gov website provides information on the act here, below is a summary from the page:
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.
HIPAA Requirements For Your Web Site
If your are using your practice website for either transmitting or storing protected health information(PHI) you must have security policies, procedures, and technical security in place for your website. Some examples of collecting current and future patient informations:
- Signing up new patients
- Scheduling appointments
- Diagnosing and making recommendations about medical situations
- Digital prescriptions
- Digital intake forms