We take patient information very seriously. All information you store on the list is encrypted during transmission. Only you (and your group) have access to this information. All data is stored on a dedicated server and is not shared by any other organization or entity. We are 100% HIPAA compliant.
The Site may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customize the Site for visitors. Personal information cannot be collected via cookies and other tracking technology; however, if you previously provided personally identifiable information, cookies may be tied to such information. We do NOT share any data (even from cookies) with third parties.
We do NOT share any personal information with other corporations, individuals or institutions. We may only do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.
Your personally identifiable information is kept secure. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information. All emails and newsletters from this site allow you to opt out of further mailings.
HIPAA is the Health Insurance Portability and Accountability Act of 1996 that specifies laws for the protection and use of Personal (or Protected) Health Information (PHI) which is essentially your medical record.
In 2010, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in order to update HIPAA rules and provide federal funds for deploying electronic medical records (EMR), also referred to as electronic health records (EHR). HITECH upgraded HIPAA because medical records were now in digital form and, as a result, needed new rules for protection and availability.
HIPAA covers the Privacy, Security and Enforcement rules of PHI. The Privacy and Security rules contain information on how one must treat PHI (whether it's electronic or not). The enforcement rules specify what happens if you don't (the penalties).
There are three things that HIPAA requires:
Integrity of information – The medical record must be accurate.
Confidentiality – The medical record should only be seen by those with a need to know and all uses of that data should be knowable by the individual.
Availability – The medical record must be available, in essence, no reasonably avoidable downtime.
HIPAA was intended to ease the sharing of Personal Health Information (PHI) between entities that have a need to know while maintaining an acceptable and reasonable level of privacy to the individual whose information is at stake. HITECH was intended to fund and define sharing rules for Electronic Medical Records (EMR) to further their use in hopes of curtailing growing health care costs.
The Acts are administered by the Department of Health and Human Services (HHS) in the Office of Civil Rights (OCR). It is the OCR which has the right to enforce, audit, fine and charge companies and individuals for violations of the Act. They interpret the law in the Act and write the rules and regulations.
The rules and regulations are documented in the Code of Federal Regulations (CFR). Parts 160 and 164 of the CFR are the two that pertain to HIPAA. When someone says they adhere to HIPAA rules, it means they adhere to the paragraphs in the Parts. For example, one of the paragraphs says:
Paragraph 164.308(a)(1)(i) Standard: Security Management Practices – Implement policies and procedures to prevent, detect, contain, and correct security violations.
We are then required to do precisely what it says: prevent, detect, contain and correct security violations.