Compliance

HIPAA & information security

We take your patients' privacy seriously. Below are some of the steps we take every day to protect your information and your patients' information.

Technology policies

We use the latest technology, techniques, and practices to keep your information and the patient information you provide us safe in accordance with HIPAA/HITECH and the business associate agreement that all users must agree to.

  • Encryption. All patient data is encrypted as it travels to our servers.
  • No storage of PHI. We do not store the patient information you provide us. Once we send the email on your behalf, it is gone.
  • Server providers. We use server providers with names that you would recognize that support HIPAA compliance.
  • Security best practices. Our application was designed from the ground up with security as a central focus.

Administrative policies

In addition to technical controls, we use administrative tools and techniques to keep your information safe.

  • Business Associate Agreement. HIPAA requires that you have a BAA with all third parties that handle PHI on your behalf. This BAA must be agreed to as part of the signup process.
  • Training. Everyone on our small team is trained on the ins and outs of HIPAA.
  • Strong security practices. Our application was designed from the ground up with security as a central focus.

Safety first

Online security and the confidentiality of your data are important to you and to us. We have designed our application, systems, and workflow to minimize risk and keep information safe and secure. Remember to do your part: keep your username and password secure, and log out of Patient Onboard when you are not using it.