HIPAA-COMPLIANT APPOINTMENT REMINDERS
The Health Insurance Portability and Accountability Act (HIPAA) is US federal legislation which obligates medical providers to take certain steps to secure data on their patients. Appointment Reminder is HIPAA-compliant when used as intended. You can sign up for one of our HIPAA compatible plans or feel free to ask us for a call to discuss options.
We’ll explain a bit about HIPAA in layman’s terms. Please check with your lawyer or HIPAA compliance officer if you are unsure of anything in our explanation. We’re not lawyers and we’re not your lawyers, so we can’t give you legal advice.
ARE APPOINTMENT REMINDERS GENERALLY ALLOWED UNDER HIPAA?
Yes. Health and Human Services has approved of both the traditional postcard reminders and phone/email/text message reminders, as an integral part of patient care. You should receive prior authorization to send reminders (including it in your standard HIPAA documentation is a good idea) and you should obey reasonable requests from particular patients about their reminders, such as sending them in a form which is convenient to the patient (e.g. to their home email address rather than to their work email address, if requested, or to their cell phone instead of their home phone, if requested.)
Appointment Reminder gives you full control on a per-patient basis over where and how reminders are sent.
WHAT IS A BUSINESS ASSOCIATE? WHAT IS A BUSINESS ASSOCIATES AGREEMENT?
A business associate is a person or company which a medical provider contracts with to provide services. In the ordinary course of doing business, they’ll be exposed to private medical information. Medical providers are obligated by HIPAA to secure “Business Associates Agreements”, commonly referred to as BAAs, with their business associates. These agreements establish auditable chain-of-custody for patient information and obligate the business associates to treat the data under HIPAA standards while it is in their care.
Appointment Reminder will sign a BAA with customers on our HIPAA-compatible plans. We have standard language modeled off of Health and Human Services’ approved language, or we will sign your standard BAA if it is reasonable. Appointment Reminder takes its obligations as a business associate very seriously.
WHAT INFORMATION IS ALLOWABLE IN A REMINDER?
You should minimize the private health information in all appointment reminders, particularly with regards to health information which is especially sensitive. For example, rather than saying that a reminder is from “Gynecology Associates”, you should say that it is from “Dr. Smith.” Consider not including the name of your patient in reminders, if this makes sense for your patient population.
Do not include information about diagnoses or treatment plans in reminders. While Appointment Reminder is very accurate with regards to getting messages to the specified numbers/addresses, it is nonetheless possible that unauthorized parties will be able to view/hear your reminder. For example, work voicemail systems may be accessible by other employees, mobile phones may be lost or stolen, or email may be intercepted. If you wouldn’t be comfortable broadcasting the message on the loudspeaker at Macy’s, give the patient the minimum information required to jog their memory. You can tell them the detailed information in person.
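As an added illustration of the minimization guidance above (example code, not Appointment Reminder’s own), this composes a reminder from an allowlist of fields, honours the patient’s stated channel preference, and checks that none of the sensitive fields leaked into the text; the record layout and field names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed appointment record; field names are assumptions, not a real API.
@dataclass
class Appointment:
    patient_name: str
    provider_name: str        # "Dr. Smith": the only identity a reminder carries
    practice_name: str        # "Gynecology Associates": reveals specialty, never sent
    diagnosis: str            # never sent
    treatment_plan: str       # never sent
    when: str                 # human-readable date and time
    phone: Optional[str] = None
    email: Optional[str] = None
    preferred_channel: str = "sms"   # the patient's stated preference
    include_name: bool = False       # opt in per patient, default off

def compose_reminder(a: Appointment) -> str:
    """Build the message from an allowlist of fields, so sensitive fields
    cannot be included by accident (a denylist would miss new fields)."""
    greeting = f"Hi {a.patient_name}, reminder" if a.include_name else "Reminder"
    return f"{greeting}: appointment with {a.provider_name} on {a.when}. Reply C to confirm."

def choose_destination(a: Appointment) -> tuple:
    """Honour the patient's channel request; refuse rather than fall back silently."""
    destinations = {"sms": a.phone, "email": a.email}
    if destinations.get(a.preferred_channel) is None:
        raise ValueError("patient's preferred channel has no address on file")
    return a.preferred_channel, destinations[a.preferred_channel]

def check_minimal(msg: str, a: Appointment) -> list:
    """Return the names of sensitive fields whose values appear in msg (expect [])."""
    sensitive = {"practice_name": a.practice_name, "diagnosis": a.diagnosis,
                 "treatment_plan": a.treatment_plan}
    if not a.include_name:
        sensitive["patient_name"] = a.patient_name
    return [k for k, v in sensitive.items() if v and v.lower() in msg.lower()]

# Constructed sample data for a stand-alone run.
SAMPLE = Appointment(patient_name="Jane Doe", provider_name="Dr. Smith",
                     practice_name="Gynecology Associates", diagnosis="endometriosis",
                     treatment_plan="laparoscopy", when="Tue 3 Jun at 10:00",
                     phone="+15555550100", email="jane@example.com",
                     preferred_channel="email")

if __name__ == "__main__":
    text = compose_reminder(SAMPLE)
    print(choose_destination(SAMPLE), text, "leaks:", check_minimal(text, SAMPLE))
```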
WHAT TECHNICAL MEASURES DOES HIPAA REQUIRE?
HIPAA obligates people in possession of patient health information to a few dozen technical requirements, described in the Security Rule, Privacy Rule, and related rulemaking. A sampling of these requirements includes per-user accounts, complex passwords, encryption of data in transit and at rest, formal risk assessments of computer systems, and the like.
Appointment Reminder has complied with all requirements of the HIPAA Privacy and Security Rules. We’re happy to discuss them with you. Certain details of our compliance strategy may require an NDA to disclose to you — for example, detailed information about our technical infrastructure.
WHO IS YOUR HIPAA COMPLIANCE OFFICER?
Appointment Reminder’s HIPAA compliance officer is Graphite Systems LLC, the founder of the company. If you have any questions, you can email him at email@example.com. You will have his full and immediate attention.
HAVE YOU EVER HAD A REPORTABLE DATA BREACH?
Appointment Reminder has never had a data breach which required reporting under HIPAA or our BAAs with medical customers. Additionally, to the best of our knowledge, we have never had a data breach of any kind.
We take security extraordinarily seriously. Appointment Reminder is used daily by some of America’s top hospitals, whose HIPAA-compliance officials personally approved of our systems. We also carry a multi-million dollar policy through US Liability Insurance Company, which they wrote after being satisfied that our systems were secure.
We invest heavily in training, security technology, and employing experts in dealing with patient health information.
HOW CAN WE START USING HIPAA-COMPLIANT APPOINTMENT REMINDER SERVICES?
You can sign up for a free trial of Appointment Reminder under any of our HIPAA-compatible plans, or contact us for more information. We’ll send you our stock BAA for your signature. As soon as the ink is dry on a business associates agreement, you can begin putting patient information in our systems in a HIPAA-compatible manner.
You’re still responsible for using the system in a manner which respects patient privacy. If you wish advice on that, we’re happy to provide it.