What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules that govern requirements for different health plans and the protection of health data.

The first title of HIPAA deals with the requirements for different health insurance plans. It explains the calculation of creditable continuous coverage, different benefits, etc. Additionally, it specifies which insurance plans are affected by the HIPAA regulations and which plans are excluded from them.

The second title of HIPAA sets rules for the protection of healthcare information and defines legal penalties for the violation of these rules. The regulations that cover all entities dealing with or transmitting health information are known as the Administrative Simplification rules.

How does HIPAA help to secure patient information?

HIPAA defines five Administrative Simplification rules and we will mention a couple of them briefly:

  • The Privacy Rule. This rule sets regulations for the disclosure of Protected Health Information. It specifies that covered entities must take reasonable steps to ensure the confidentiality of communications with individuals:
    "A health plan must permit individuals to request and must accommodate reasonable requests by individuals to receive communications of protected health information from the health plan by alternative means or at alternative locations, if the individual clearly states that the disclosure of all or part of that information could endanger the individual."
  • The Security Rule. This rule deals specifically with Electronic Protected Health Information (EPHI). The Security Rule is the one that affects medical software the most, so let's take a more detailed look at it. There are three types of safeguards defined in this rule:
    • Administrative safeguards. These are policies explaining how the covered entities should comply with HIPAA.

      The administrative safeguards specify that covered entities must define which employees have access to the EPHI. There should be rules to grant, modify and terminate access for employees to the EPHI.

      If an entity covered by HIPAA regulations outsources some of its work to an external organization then it must make sure that the external organization complies with the HIPAA regulations too. In particular this means that doctors and health clinics are not allowed to use a medical service like ours unless our medical service is HIPAA compliant. That is why we have gone the extra mile to ensure that our system complies with the HIPAA requirements.

      Covered entities (e.g. doctors and clinics) are required to back up their data regularly and to have well-defined disaster recovery procedures.

    • Physical safeguards. These safeguards control physical access to the hardware and software dealing with EPHI.
    • Technical safeguards. These safeguards define requirements for the computer systems dealing with EPHI. Here is a non-exhaustive list of the requirements specified by the technical safeguards:
      • Information flowing outside of the organization's network must be encrypted.
      • Measures should be taken in order to prevent unauthorized changes to the EPHI data.
      • Measures should be taken to detect violation of data integrity caused by malfunction of hardware or software.
      • Before an entity accesses the EPHI it must authenticate using a password system, a two- or three-way handshake, a telephone callback or a token system.

How does AssistMedic conform to the HIPAA requirements?

AssistMedic complies with the safeguard rules established by HIPAA. You can see our section on Information security for a list of AssistMedic features that provide compliance with HIPAA.