Is the system HIPAA compliant?
HIPAA COMPLIANCE STATEMENT
StormSource, LLC (dba Appointment-Plus) submits this statement of policy
regarding HIPAA regulations and obligations. While HIPAA compliance is in part dependent on
technology, HIPAA compliance is an overall organizational obligation that focuses on your
procedural standards and procedural integrity (medical provider business practices). Therefore,
HIPAA compliance for software requires a combination of secure/private technology and compliant
business practices. Appointment-Plus provides clients with a software tool that is HIPAA-compliant
from a technology standpoint as detailed below. However, Appointment-Plus technology is
only half of the inquiry – how client users use Appointment-Plus software within their medical
practices must also be addressed.
Appointment-Plus technology, security, and privacy policies comply with HIPAA standards, such as
encryption (SSL), system-user identifiers (logins, passwords), multiple user access levels,
high-end physical server security, nightly backups, strong privacy policies (not sharing
information with anyone unless you direct us to), timed log out, strong internal policies (having
employees sign strong privacy agreements), and much more. These are detailed on our website
(www.appointment-plus.com) in the FAQ section and the Privacy section. Additional security and
privacy safeguards can be enabled at the option of clients, such as user IP restrictions and forced
interval password changes.
In regard to business practices, Appointment-Plus provides clients literally hundreds of
preferences in defining how they want to set up and use the system in their day-to-day medical
practices. This includes preferences concerning utilization of user access types, how backup files
are run (through Excel Reports), when clients run their own offsite backups, how clients require
users to log in to the system - and many more business practice questions. All of these options and
more potentially impact the business practices inquiry and the related obligations under HIPAA.
Each "Covered Entity" must make its own determination of the system use and its overall impact on
Please feel free to call us if you have specific questions as to the interplay
between our software and your business practices.
Comment #2 (Posted by Shawn - KB Staff)
Karen – We have started offering business contracts to clients that request them. More information about how to request a contract is now included here: https://apptplus.zendesk.com/entries/48627423-Do-you-offer-Business-Associate-Agreements-for-HIPAA-compliance-
Comment #1 (Posted by Karen)
It is my understanding that behavioral health service providers must obtain a Business Associate contract for any online storage or data backup provider that we use. Given that Appointment-Plus does not offer the Business Associate contracts, are we placing ourselves at risk by using this software?
Also, what is involved to create these contracts with service providers? I.e., how difficult would it be to provide the contracts to further ensure privacy and compliance with HIPAA regulations?
22nd of November, 2013