Is my Scheduling Software HIPAA Compliant?


The Health Insurance Portability and Accountability Act, also known as HIPAA, is the benchmark for ensuring the confidentiality of patient data. Yocale is an appointment scheduling management system that provides healthcare business owners and providers with solutions for appointment booking, management, staff data, and customer data management, among many other features. Yocale med spa software is a good example. Healthcare information custodians using Yocale can collect patient information, which is then stored, in an encrypted format, in the cloud along with the patient’s profile in the customer database. This information is retrievable only by the administrators of the Yocale account, or those with admin-level access.

Yocale takes great effort to safeguard any information that’s stored in your account. Yocale does not reveal sensitive information to third-party apps without the consent of the admin of the Yocale account. Furthermore, any privileged patient information that’s stored in the customer database or the appointment notes will not be transferred to marketing agencies for commercial gain.


Using Yocale to Meet Technical Safeguards

When used and configured properly, the technical security features employed by Yocale.com can help satisfy the technical and physical security safeguards required by HIPAA so that Yocale users can confidently incorporate Yocale into their information-management system without affecting their HIPAA compliance. Yocale encourages Yocale users to review the product’s security features and consider their specific use case to ensure they properly configure business processes in order to achieve compliance with applicable HIPAA-mandated administrative, technical and physical security safeguards.

At Yocale we encrypt all sensitive data, including users’ identities, uploaded documents and subscription information, using AES-256 (the Advanced Encryption Standard with a 256-bit key). AES is a symmetric encryption algorithm that has become ubiquitous because the U.S. and Canadian governments have accepted it as a standard for encrypting data in transit and data at rest. Because of the length of the key (256 bits) and the number of rounds (14), it takes a murderously long time for an attacker to find the key by brute force.

Recovering the contents of an encrypted stream or of stored data this way is unlikely to happen in your lifetime, or in the next hundred lifetimes.

According to a recent HIMSS Analytics Cloud Survey, 83% of IT healthcare organizations are currently using cloud services and 9% plan to in the future. Many of them are turning to Microsoft Azure as the cloud infrastructure of choice.

Yocale utilizes Microsoft Azure for all its cloud services. Azure Cloud Services provide the most effective development and data storage environment for building the most modern, distributed computing applications. Our customers benefit from apps that respond faster and never go down while maintaining a high level of data security.

Azure employs a risk-management model of shared responsibility between the customer and Microsoft. Microsoft is responsible for the platform, including the services offered, and seeks to provide a cloud service that can meet the security, privacy, and compliance needs of our customers. Customers are responsible for their environment once the service has been provisioned, including their applications, data content, virtual machines, access credentials, and compliance with regulatory requirements applicable to their particular industry and locale.

Each customer should have their own compliance mechanisms, policies, and procedures in place to ensure they do not use Azure in a way that violates HIPAA and HITECH Act requirements. Customers should independently verify with their own legal counsel that their implementation meets all HIPAA and HITECH Act requirements.

Azure services are audited by independent external auditors under industry standards, including ISO 27001. ISO 27001 audit scope includes controls that address HIPAA security practices as recommended by the U.S. Department of Health and Human Services. Here’s some additional information on security, privacy, and compliance certifications.

Disclaimer: This guide is not intended to constitute legal advice. Customers should consult with their own legal counsel regarding compliance with HIPAA, HITECH Act, and other laws and regulations applicable to their particular industry and intended use of Yocale.

