Dr.Weedy’s HIPAA Compliance — Protection of Your Data
The first and most important thing to know when working with Dr.Weedy is that your personal information is 100% protected from leaking anywhere. Why are we so sure about this? After reading this article you will see that it’s true.
What is HIPAA Compliance?
HIPAA stands for the Health Insurance Portability and Accountability Act. The Act obligates all covered entities and their business associates to follow specific rules that protect PHI (protected health information). It goes hand in hand with other legislation, such as HITECH, that governs how personal information is maintained and used.
HIPAA compliance, however, is not a document or a bundle of rules; it is a never-ending process that every company handling PHI has to implement so that its clients feel safe and secure. You probably already have some questions:
- What exactly is PHI?
- It is the client’s full name, any contact information, physical address, bank details, insurance data, tax number, profession and position at work, etc.
- It also includes all medical records of the client and their family about past health issues and current therapies. This covers everything discussed with a doctor in a doctor’s office, too.
- Photos, fingerprints, and anything else a client can be identified by also fall within PHI.
- Who are the Covered Entities (CE)? These are the entities that provide medical services and use, maintain, and transmit medical information about their clients. For example, a doctor working in a hospital is not a covered entity, because the hospital as a whole is responsible for protecting PHI. However, a doctor who works independently becomes a covered entity. Your employer and the company you work for are usually not CEs, because they are not health care providers.
- What are Business Associates (BA)? A BA is a person or an organization that performs work for a CE that involves access to or any handling of PHI, e.g. bankers, bookkeepers, lawyers, IT specialists, etc.
Main HIPAA Rules
The Act has strict rules that help CEs and BAs manage the security and privacy of PHI, and it gives clear instructions for the case in which personal data is disclosed:
- Security Rule. It requires all CEs and BAs to implement the three main categories of PHI safeguards: technical, physical, and administrative. These safeguards ensure that no unauthorized person has technical or physical access to PHI that is stored or used electronically (ePHI).
- Privacy Rule. This rule explains how CEs and BAs have to store, maintain, and transmit ePHI, and establishes that the patient is the sole owner of their health data.
- Breach Notification Rule. This rule sets out the requirements on what to do in case the patient’s information is disclosed or leaked.
Based on these rules, all healthcare providers and companies that handle PHI are advised to build their own checklists to make sure they comply with HIPAA rules and requirements.
Dr.Weedy’s HIPAA Checklist
We at Dr.Weedy work with the personal information of our clients, and we do everything necessary to protect it. Specifically:
- We have designed our system with all the necessary procedures, policies, and responsible officers to safeguard PHI, follow all HIPAA instructions, and react properly to breaches.
- We’ve implemented solid and reliable technical protection of ePHI. The information we create, store, and transmit is properly encrypted. Our staff must identify themselves before they get any access to the data, and each person has their own key and password. Any unusual activity is immediately detected and reported to the security officer. Dr.Weedy uses only the safest internet, email, and cloud service providers.
- Only authorized personnel can enter Dr.Weedy’s office or server rooms. We have designed, and strictly adhere to, rules on who may access the areas and hardware where PHI is stored and how. We ensure that any ePHI is deleted from the personal devices of our employees. We also ensure that all ePHI is deleted from our company’s devices before those devices are disposed of, sold, etc.
- Dr.Weedy’s security officer performs regular risk assessments; registers all means and devices we use to store, maintain, and transmit ePHI; and is responsible for implementing the emergency procedures and the sanction policy that apply when HIPAA requirements are not followed or information is lost or disclosed.