3 Things About HIPAA To Keep In Mind As You Use Third-Party Platforms

When you’re putting together the systems your office runs on, you look for things that make you more efficient: apps that cut down on duplicated work, and intuitive software that speeds up data entry and changes. 

But health data is different from other kinds of information. If you’re connecting Electronic Health Records (EHR), patient portals, or other health solutions, you need to make sure every piece that touches protected health information (PHI) meets HIPAA’s Privacy and Security Rules. 

Did you know:

Software or Hosting Can’t Be HIPAA Certified

When you’re shopping for hosting or third-party software, it’s easy to be taken in by the bells and whistles. Of course you want a program that’s easy to work with. But in healthcare it also has to support your HIPAA compliance, or it puts your practice at risk. 

Do a little research and you’ll find plenty of sites, programs, and hosting firms that try to sell you on being “HIPAA certified.” In short, it isn’t true. Unlike PCI DSS, where an independent assessor can validate a merchant’s compliance, there is no organization that can “certify” a company as HIPAA compliant. Within the Department of Health and Human Services (HHS), the Office for Civil Rights (OCR) enforces HIPAA, and it does not endorse or recognize certifications issued by private companies. 

Compliance is left up to you. What a vendor can legitimately offer is a Business Associate Agreement (BAA), the contract HIPAA requires whenever a third party creates, receives, maintains, or transmits PHI on your behalf. A vendor that will handle your patients’ data but won’t sign one isn’t an option, no matter what its marketing says. 

It’s Okay To Have Forms On Your Website

Having a form to fill out on a website makes doing business that much easier, especially for services. As a medical practice, your patients often have several pages of information to fill out before their first visit, and doing so online makes life easier for everyone. 

But what makes forms convenient also makes them a risk: whatever a patient types is transmitted to, and usually stored by, the company that runs the form. 

As you learned above, no software solution can be certified HIPAA compliant, so no form product, Google Forms included, can have a certification. Google does, however, support HIPAA compliance: Google Forms is among the Google Workspace services covered by Google’s Business Associate Agreement, which makes it a suitable option for medical practices. Two caveats: the BAA is available only on paid Google Workspace accounts and must be accepted by your Workspace administrator before the account is covered, and a free consumer Google account is not eligible. If you use other forms software, confirm the vendor will sign a BAA and meets the same requirements before putting it on your site. 

You Can Send and Receive Email and Be In Compliance

Once again, HIPAA doesn’t spell out “do and don’t” rules for sending and receiving email. What the Privacy Rule does say is that healthcare providers may communicate with patients electronically as long as reasonable safeguards are in place. 

The Security Rule also requires you to protect electronic PHI while it is in transit. Encryption is an “addressable” specification rather than a strict requirement, but that doesn’t mean it can be ignored: if you decide not to encrypt, you have to document why and put an equivalent safeguard in place. In practice that means TLS between your mail server and your recipients’ at a minimum, and a secure portal or an encrypted message for anything that carries PHI. HHS does allow a patient to choose unencrypted email, but only after you have warned them of the risk. If OCR finds you didn’t take reasonable precautions, civil penalties run to an annual cap per category of violation that started at $1.5 million and is adjusted for inflation each year. 

Are you HIPAA compliant with the third-party programs and platforms being used in your office?

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.