HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulated by the U.S. Department of Health & Human Services aims to improve healthcare services specifically on Personally Identifiable Information securing it against theft and fraud.

HIPAA key rules are the following:

• HIPAA Privacy Rule - Standards that set the limit on the access of patient private records (personal information).

• HIPAA Security Rule - Standards that set the required protection of electronically protected health information (ePHI).

• Breach Notification Rule - Requirement to notify HHS when a data breach is identified.

• Enforcement Rule - Sets the process of investigation that happened after the breach. Fines are issued if proven the investigation is conducted with negligence.

HIPAA compliance means that any health care providers and other entities dealing with protected health information (PHI) have security measures to provide safety from risks of healthcare data violation.

Entities in contact with PHI – health plans, healthcare clearinghouses, healthcare providers, and endorsed sponsors of the Medicare prescription drug discount card – are legislated by HIPAA. Additionally, Business Associates (BA) are also covered by the act. These are entities that have no direct operations related to PHI but provides services with access to PHI.

EmailMeForm complies with HIPAA, however, there is currently no certification of HIPAA recognized by the US Department of Health and Human Services (HHS).

The short answer is yes. If you are anything related to collecting or disclosing healthcare information you need HIPAA compliance.

Please contact us for any concerns.