Online services and HIPAA

An artistic area and computer technology section all rolled into one. Here to help bring you into the computer information age and provide inspiration for your website.

Moderators: Talenyn, stonegirl

Online services and HIPAA

Postby JasonE on Sun Feb 13, 2011 8:30 pm

I have been looking at the growing number of online scheduling and practice management systems/services, and an increasing number of them are tracking client information and statistics over time. Since that info can be accessed from a variety of different computers or mobile devices, doesn't that put the client information under the umbrella of HIPAA?
Jason Erickson, NCTMB, ACE-CPT, AIS-TA
Massage Therapist, Personal Trainer
http://www.CSTMinnesota.com

Internet forums are like going to the zoo; if you get enough monkeys together, sooner or later someone will start throwing their poo.
User avatar
JasonE
Moderator-S.S.S
 
Posts: 2247
Joined: Sun Jul 22, 2007 9:12 pm
Location: Burnsville, MN

Re: Online services and HIPAA

Postby Taoist on Sun Feb 13, 2011 10:37 pm

My initial interpretation was "yes". Here is a chart to help providers determine whether they are a "covered entity".

Does the person, business,
or agency furnish, bill or
receive payment for, health
care in the normal course of
business (1)?
(1. Health care means: care, services, or supplies related to the health of an individual. It includes, but is not limited to, the following:
(1) Preventive, diagnostic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the
physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and (2) Sale or dispensing of a
drug, device, equipment, or other item in accordance with a prescription. See 45 C.F.R.160.103.)


If yes:
Does the person, business or
agency transmit (send) any
covered transactions
electronically? (2)
(2. Covered transactions are transactions for which the Secretary has adopted standards; the standards are at 45 C.F.R. Part 162. If a healthcare
provider uses another entity (such as a clearinghouse) to conduct covered transactions in electronic form on its behalf, the health care provider is
considered to be conducting the transaction in electronic form.)

This goes into a few pages of detail so I won't post it, but it's also where I get confused- I'm not sure if it means information transactions or strictly payment transactions and if so, transactions in relation to a health plan (insurance). Either way, here's the link and if you understand it better than I do, let me know your interpretation!
"At the center of your being you have the answer; you know who you are and you know what you want."
Lao Tzu

User avatar
Taoist
Registered Member
 
Posts: 739
Joined: Sat Sep 04, 2010 8:56 am

Re: Online services and HIPAA

Postby Timedess on Mon Feb 14, 2011 7:42 am

You know, this is a very good question. In one of our networking groups is a lady who checks for HIPAA compliance-- that is her business. I think that I will ask her the next time I see her.
~Renee
Timedess
Registered Member
 
Posts: 1615
Joined: Tue Jan 29, 2008 5:45 pm
Location: Texas

Re: Online services and HIPAA

Postby stonegirl on Tue Feb 15, 2011 5:40 am

My lawyer who specializes in HIPAA told me that it doesn't apply unless you're dealing with insurance. And that would be my interpretation of the chart posted by Taoist.
Looking forward to what others have to say - Timedess: please update us after you talk to your networking lady!
User avatar
stonegirl
Moderator
 
Posts: 851
Joined: Fri Oct 20, 2006 1:19 pm

Re: Online services and HIPAA

Postby Timedess on Tue Feb 15, 2011 5:47 am

Stonegirl, your lawyer's assessment is what I've thought as well. I'll try to *remember* to ask my contact about it. The meeting is on Thursday, and not everyone attends every meeting. If I don't see her there, I'll try calling her; and there is also an independent insurance broker who might at least be able to give me some insight.
~Renee
Timedess
Registered Member
 
Posts: 1615
Joined: Tue Jan 29, 2008 5:45 pm
Location: Texas

Re: Online services and HIPAA

Postby stonegirl on Sat Mar 17, 2012 6:09 pm

Just came across this article in Massage Today.

So, HIPAA specifically does apply to insurance. However, as this article states:
The therapist, whether considered a "covered entity" or not, must maintain privacy, because the privacy issue isn't going to go away.


In regards to online scheduling and client management systems, I believe it is standard practice to have everything encrypted using Secure Socket Layer (SSL) - making them as secure as online banking.
User avatar
stonegirl
Moderator
 
Posts: 851
Joined: Fri Oct 20, 2006 1:19 pm

Re: Online services and HIPAA

Postby SchedulingWizard on Wed Apr 11, 2012 11:16 pm

Many therepists have been asking us about HIPAA. But as you mentioned, it only applies if you are dealing with insurance.

So all online scheduling services should be fine. But as Stonegirl wisely advised, just make sure that your scheduling software uses encrypted connection (SSL). This makes sure that nobody can listen in. It's easy to see this, as the web browsers adress bar turns green or blue. In the old days you used to see a lock icon. Also the beginning of the web adress starts with HTTPS instead of HTTP. Here's a nice image of Microsofts website, secured with SSL:

Image
Daniel - The Scheduling Wizard
Online Appointment Scheduling for massage therapists
User avatar
SchedulingWizard
Registered Member
 
Posts: 77
Joined: Sat Mar 07, 2009 2:11 am
Location: Sweden


Return to Website Ideas, Software & Technical Information

Who is online

Users browsing this forum: No registered users and 5 guests