HIPAA Compliance at Influx MD
If you want to track leads and use automated marketing then it is likely you will need to use software that complies with the Health Insurance Portability and Accountability Act (HIPAA).
Influx MD maintains an environment that complies with HIPAA requirements and is available at no additional cost to account holders on request.
HIPAA compliance for Influx MD means that we offer a service that enables covered entities to collect and manage PHI in a manner compliant with HIPAA. As part of offering this service, Influx MD ensures that it operates in a way that is consistent and compatible with those laws and our role as a business associate to a covered entity user.
Does HIPAA Compliance Apply to you?
If you are a “covered entity” (as defined by HIPAA) and are using Influx MD to collect or store PHI (generally any information about the health status, provision of health care, or payment for health care that can be linked to a specific individual, such as an individual’s name and/or contact details combined with information about health care that the individual received), then HIPAA likely applies to your use of Influx MD.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States law that regulates the collection and handling of “protected health information” (PHI). Certain organizations called “covered entities” and their business associates are required to comply with
Activate HIPAA Compliance on your account
To complete HIPAA setup on your account.
1. Visit the Influx MD support center
2. Enter into a Business Associate Agreement.
Once activated, your HIPAA compliant account, the following features are activated.
- Security reminders: Users are reminded of security obligations related to HIPAA compliance whenever they perform actions that may involve PHI.
- Automatic logoff: Influx MD automatically logs off users after an account is inactive for 30 minutes or more.
- BAA: We provide a standard BAA agreement that is available to you at any time.
- Logging: All admin and lead events significant to account activity and security are time-stamped and identified by user and IP address before being logged.
Events that we log include:
- Account login successes and failures
- Account manual logouts
- Account password reset requests
- Account username requests
- Agent and admin deletions
- Lead history openings, and updates.
- System setting updates by admin.
Business Associate Agreement
Influx MD offers a business associate agreement (BAA) containing all of the provisions required by HIPAA (including the HITECH Act and related rules made by the DHHS)
Influx MD is assisted by network security consultants to ensure that we meet the specialized requirements of HIPAA.
Influx MD maintains administrative, physical, and technical safeguards that take all reasonable precautions to appropriately protect the confidentiality, integrity, and availability of the ePHI that we receive, maintain, and transmit on behalf of covered entities with respect to their HIPAA-enabled accounts. These safeguards include measures required by the Security Rule, such as:
- Regular risk assessments of systems to ensure that safeguards remain relevant and effective
- Assigned security team which is responsible for maintaining compliance with HIPAA’s security requirements
- Screening, authorization, and training of staff who come into contact with customer PHI
- Data backup plans
- Disaster recovery plans
- Systems regularly monitored, updated, and patched
- Incident response plan that includes reporting of security incidents to affected covered entities
- All communications with Influx MD servers encrypted with SSL
PHI in Influx MD
In general, the information stored in a lead tracking application such as Influx MD is not medical in nature and therefore not necessarily covered by HIPAA. However, covered entities can elect to use Influx MD to store lead specific protected healthcare information. For this reason, Influx MD requires any account storing PHI to enable HIPAA compliance settings.
Examples where Influx MD may be storing PHI include:
- Preauthorization information
- General Insurance information
- Medical issues
- General notes that include medical information
- Email messages from patients that may contain medical information.
At Influx MD we take our responsibilities under HIPAA very seriously. We have developed our procedures to ensure that our BAA responsibilities are fulfilled to help your organization comply with HIPAA obligations. Client accounts covered by an active BAA understand that Influx MD cannot alter system restrictions in place to help covered entities meet their HIPAA responsibilities.
As requirements change periodically, our processes also ensure that our initiatives comply with the latest HIPAA changes.
How do we safeguard your data?
Visit our security pages for details.
For more information about HIPAA, visit the Department of Health and Human Services’ website: https://www.hhs.gov/ocr/hipaa/.
How to get started
Influx MD is a serious marketing product that can make a huge difference to the bottom line of your medical practice. So if you are serious about improving conversions and increasing revenue for your medical practice, get in touch with one of our team for a discussion of how Influx MD can help.