At PlusGuidance, we consider the security and privacy of both your and your clients' data to be extremely important. To ensure the highest standards in privacy and security, we have adapted our product and company to be HIPAA- and HITECH-compliant.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. In the United States of America, all handlers of medical and health information are legally required to comply with this act. This is not a requirement in the United Kingdom and most countries, but we have found that HIPAA policies provide by far the best standards for security and privacy, and we have voluntarily decided to comply with this act. Thus our rules and methodology with regard to your data are as thorough and strict as possible so we can offer you the safest product possible. Additionally, all local regulations on this topic (if present) should also be covered by default due to our higher standards.
The main purposes of HIPAA are to ensure the confidentiality of personal health information and offer protection against identity theft and medical theft.
At PlusGuidance, all such types of High-Risk Data are kept securely encrypted and private on our servers. We offer top-level security via our 256-bit SSL encryption.
HIPAA regulates Covered Entities and Business Associates. The former is one of the following: a health care provider, a health plan or a health care clearinghouse. Business Associates, on the other hand, create, receive, transmit or maintain Personal Health Information (PHI) on behalf of the covered entity. Follow the links for more detailed overviews on what constitutes a Covered Entity and a Business Associate.
Personal Health Information (PHI), also referred to as Protected Health Information, is defined as any type of individually identifiable health information which is transmitted or maintained in any form or medium (electronic, written or oral).
Individually identifiable information constitutes any type of data that:
The Omnibus Rule revised HIPAA rules and enacted new provisions regarding privacy and security particularly related to business associates and enforcement. Its compliance date is September 23, 2013.
By abiding by this rule, PlusGuidance ensures that any third parties, business associates, vendors and subcontractors that interact with us sign an agreement which imposes more obligations and restrictions on their part in order to ensure full protection of PHI.
In the unlikely event of a breach of unsecured PHI, individuals will be notified immediately. A breach is defined as the acquisition, access, use or disclosure of PHI in a manner not permitted by HIPAA, which compromises the security or privacy of the PHI.
In short, HIPAA compliance ensures that the organisation will act in accordance with two main rules: the HIPAA Security Rule and the HIPAA Privacy Rule.
This sets the standards for ensuring that only those who should have access to electronic PHI will actually have access. This rule is mostly concerned with:
This sets the standards for who has access to PHI.
The main idea expressed here is that telehealth services that are HIPAA compliant will enforce this rule, whereas services which are not have no obligation to do so. Whereas the Security Rule is concerned with electronic PHI only, the Privacy Rule extends to general PHI, including all types of formats in which the information may be stored.
Here's a comprehensive summary of the Privacy Rule provided by the US Department of Health and Human Services.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into USA law on February 17, 2009 to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
At PlusGuidance, in order to ensure we keep our gold standard in privacy and security, we decided to follow these new guidelines and also be HITECH compliant.
Some of the measures PlusGuidance takes to be HIPAA- & HITECH-compliant include: