Is the system HIPAA compliant?
HIPAA Compliance Statement
StormSource, LLC (dba Appointment-Plus) submits this statement of policy regarding HIPAA regulations and obligations. While HIPAA compliance is in part dependent on technology, HIPAA compliance is an overall organizational obligation that focuses on your procedural standards and procedural integrity (medical provider business practices). Therefore, HIPAA compliance for software requires a combination of secure/private technology and compliant business practices. Appointment-Plus provides clients with a software tool that is HIPAA compliant from a technology standpoint as detailed below. However, Appointment-Plus technology is only half of the inquiry – how client users use Appointment-Plus software within their medical practices must also be
Appointment-Plus technology, security, and privacy policies comply with HIPAA standards, such as encryption (SSL), system-user identifiers (logins, passwords), multiple user access levels, high-end physical server security, nightly backups, strong privacy policies (not sharing information with anyone unless you direct us to), timed logout, strong internal policies (having employees sign strong privacy agreements), and much more. These are detailed on our website (www.appointment-plus.com) in the FAQ section and the Privacy section. Additional security and privacy safeguards can be enabled at the option of clients, such as user IP restrictions and forced interval password changes.
In regard to business practices, Appointment-Plus provides clients literally hundreds of preferences in defining how they want to set up and use the system in their day-to-day medical practices. This includes preferences concerning utilization of user access types, how backup files are run (through Excel Reports), when clients run their own offsite backups, how clients require users to log in to the system – and many more business practice questions. All of these options and more potentially impact the business practices inquiry and the related obligations under HIPAA. Each “Covered Entity” must make its own determination of the system use and its overall impact on business practices. Please feel free to call us if you have specific questions as to the interplay between our software and your business practices.
Security info: http://www.appointment-plus.com/product/security.php
Terms and conditions: http://www.appointment-plus.com/terms.php
Learn about the Rules’ protection of individually identifiable health information,
Understanding Health Information Privacy
The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.
The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.