HIPAA Compliant

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law requiring national standards to protect sensitive patient health information (PHI) from being disclosed without the patient’s consent or knowledge.

Safeguarding and disclosing PHI is our shared top priority. We have implemented robust measures to uphold confidentiality, integrity, and availability of patient data, ensuring compliance with healthcare regulations and industry standards. It is our collective responsibility to maintain these standards.

Confidentiality:

We implement the most up-to-date industry standards for encryption protocols and access controls to protect PHI from unauthorised disclosure. Access to data is strictly regulated, and our systems undergo regular security assessments to maintain confidentiality.

Integrity:

We utilise patient anonymisation, data encryption protocols and access controls to protect submitted PHI from unauthorised disclosure. Access to data is strictly regulated, and our systems undergo regular security assessments to maintain confidentiality.

Data Validation & Audit:

We use data validation checks when collecting PHI. Our robust audit trail policy ensures the accuracy and consistency of PHI transmitted to our practice partners. We do not modify the data we collect; our systems are designed to transmit it immediately upon submission to our practice partners.

Availability:

We collect PHI on behalf of our practice subscribers. Once collected, the data is handed over to our partner practices, who must store it in accordance with the HIPAA regulations to ensure continuous access to patient data.

After the PHI is handed over, it is stored on our servers for seven days, after which we permanently delete the data collected from our website and email servers.

We prioritise uptime and reliability to ensure healthcare practices can rely on our platform for seamless data management and transfer.

Safeguarding:

By implementing the processes below, PHF prioritises the security and privacy of patient health information, providing healthcare practices with confidence in protecting and adequately managing sensitive data.

Protected Health Information (PHI) is safeguarded and fortified from unauthorised access through a comprehensive array of security measures on our website and data transfer via email. Our website employs robust encryption protocols like HTTPS to secure data transmission and shield patient information during online interactions. Access controls, including password protection and multi-factor authentication, act as a fortress, restricting unauthorised access to PHI on our platform. Furthermore, we conduct regular security audits, monitoring, and updates to swiftly identify and address potential vulnerabilities, underscoring our commitment to the utmost security of PHI.

PHI is further protected through encrypted email services that utilise end-to-end encryption to secure communication channels when transferring data via email. Access to PHI through email is reserved for authorised personnel only, and email accounts are fortified with strong passwords and regular account monitoring. Policies and procedures are in place to ensure that email attachments containing PHI are encrypted before transmission to prevent data interception or unauthorised access. By implementing these specific security measures on our website and during email data transfers, we underscore authorised personnel’s pivotal role in maintaining PHI’s protection and confidentiality and in strict compliance with data security regulations and privacy standards.

Breach Notification:

In the event of a data breach, we are committed to promptly notifying affected individuals, regulators, and other relevant parties to mitigate potential harm. Our notification policy includes conducting a thorough investigation to assess the scope of the breach, notifying affected individuals within a specified timeframe, providing clear and transparent information about the breach and its impact, offering support and resources for affected individuals, and implementing corrective measures to prevent future breaches. We prioritise open communication, compliance with data protection laws, and safeguarding the confidentiality and security of PHI at all times.

Enforcement Rule:

Our enforcement rule outlines a comprehensive investigative process for complaints and violations of our systems. Enforcement includes conducting thorough assessments, gathering evidence, evaluating compliance with policies, and imposing appropriate corrective actions or penalties to ensure accountability and maintain the integrity of our systems.

Data Security Violation:

When individuals violate our data protection protocols, we implement corrective actions and penalties to uphold accountability and maintain the integrity of our systems. Initially, a thorough investigation is conducted to assess the severity and impact of the violation. Depending on the nature of the breach, corrective actions may include formal warnings, additional training on compliance policies, or temporary suspension of access privileges. For more serious violations or repeated offences, our director will apply penalties such as fines, sanctions, or termination of contracts to deter future misconduct and protect the security of our systems. Our commitment to enforcing consequences for violations underscores our dedication to maintaining a safe, compliant, and ethical environment for all individuals interacting with our systems.

Omnibus Rule:

The Omnibus Rule grants patients greater control over access to their health records. It is still relevant to our business, even though we do not store or share their personal information with any entity other than the practice using our service. By adhering to this rule, we prioritise the confidentiality and privacy of patient data, ensuring that the practice accessing our service follows stringent regulations regarding patient consent, security measures, and data access. Our commitment to maintaining transparency, security, and patient control aligns with the principles of the Omnibus Rule, reinforcing trust and compliance within our business practices.