At PlusGuidance we consider the security and privacy of both your data and your clients’ data to be extremely important. To ensure the highest standards in privacy and security we have adapted our product and company to be HIPAA and HITECH compliant.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. In the United States of America, covered entities that handle medical/health information, and the business associates that handle it on their behalf, are legally required to comply with this act. This is not a requirement in the United Kingdom or in most other countries, but we have found the HIPAA rules to set by far the most rigorous standards for security and privacy, and we have voluntarily decided to comply with them. Our rules and methodology for handling your data are therefore as thorough and strict as we can make them, so that we can offer you the safest product possible. Because HIPAA sets a higher bar than most local regulations on this topic, any such regulations (where present) should also be covered by default.
The main purposes of HIPAA are to ensure the confidentiality of protected health information and to offer protection against identity theft, including medical identity theft.
HIPAA regulates Covered Entities and Business Associates. A Covered Entity is one of the following: a health care provider, a health plan or a health care clearinghouse. Business Associates, on the other hand, create, receive, transmit or maintain PHI on behalf of a Covered Entity.
Protected Health Information (PHI), sometimes also called personal health information, is defined as any individually identifiable health information that is transmitted or maintained in any form or medium (electronic, written or oral).
Individually identifiable information constitutes any type of data that is:
The Omnibus Rule revised the HIPAA rules and enacted new provisions regarding privacy and security, particularly in relation to business associates and enforcement. Its compliance date was September 23, 2013.
By abiding by this rule, PlusGuidance ensures that any third parties, business associates, vendors and subcontractors that handle PHI on our behalf sign a business associate agreement that imposes obligations and restrictions on them in order to ensure full protection of PHI.
In the unlikely event of a breach of unsecured PHI, affected individuals will be notified immediately. A breach is defined as the acquisition, access, use or disclosure of PHI in a manner not permitted by HIPAA which compromises the security or privacy of that PHI.
In short, HIPAA compliance ensures that the organisation will act in accordance with two main rules: the HIPAA Security Rule and the HIPAA Privacy Rule.
The Security Rule sets the standards for ensuring that only those who should have access to electronic PHI actually have access. This rule is mostly concerned with:
The Privacy Rule sets the standards for who may have access to PHI.
The main point is that telehealth services which are HIPAA compliant will enforce this rule, whereas services which are not have no obligation to do so. Whereas the Security Rule is concerned with electronic PHI only, the Privacy Rule extends to PHI in general, covering every format in which the information may be stored.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into US law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
At PlusGuidance, in order to maintain our standard in privacy and security, we decided to follow these additional requirements and to be HITECH compliant as well.