The Health Insurance Portability and Accountability Act (“HIPAA”) sets forth privacy and security standards for any entity that uses or discloses protected health information.
Full Slate requires all personnel with access to patient/client information for purposes of providing technical support to be trained in the privacy requirements of HIPAA.
Published HIPAA Statement: http://www.fullslate.com/hipaa
Examples of HIPAA Verticals:
- Acupuncture
- Alt Health
- Chiropractic
- Dental
- Medical
- Mental Health
- Optometry
- Physical Therapy
Customers with specific questions/concerns may find these links helpful:
Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (2) Treatment, Payment, and Health Care Operations;
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
No BA Agreement Needed for Limited Data Set. Where a covered entity discloses only a limited data set to a business associate for the business associate to carry out a health care operations function, the covered entity satisfies the Rule’s requirements that it obtain satisfactory assurances from its business associate with the data use agreement.
http://www.hhs.gov/ocr/privacy/hipaa/faq/smaller_providers_and_businesses/251.html
No such thing as "HIPAA compliant": The US Dept of Health & Human Services (HHS) does not certify any persons or products as "HIPAA compliant":
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/misleadingmarketing.html
OK to collect info to schedule appointment:
http://www.hhs.gov/ocr/privacy/hipaa/faq/smaller_providers_and_businesses/260.html
Appointment reminders are allowed:
http://www.hhs.gov/ocr/privacy/hipaa/faq/smaller_providers_and_businesses/286.html
Email communication is permitted:
http://www.hhs.gov/ocr/privacy/hipaa/faq/health_information_technology/570.html