If you’re interested in HIPAA compliance, please reach out to your account executive or contact support.
The Health Insurance Portability and Accountability Act (HIPAA) is designed to help protect people’s healthcare data. Organizations such as hospitals, doctors’ offices, health plans, or companies dealing with protected health information (PHI) are required to be HIPAA-compliant. This may also extend to companies that work with these businesses and come into contact with PHI on their behalf.
Here are some key terms you should know:
PHI is healthcare data relating to a patient and collected by a healthcare provider, employer, or plan. It includes names, social security numbers, phone numbers, medical history, current medical condition, test results, and more. PHI is the content that HIPAA aims to protect and keep private.
A covered entity is anyone who provides treatment, payment, and operations in healthcare. Examples include doctors, hospitals, pharmacies, insurance companies, and more. These covered entities are responsible for the privacy and security of health information.
A business associate is anyone who has access to a patient’s information, whether directly, indirectly, physically, or virtually. A business associate is not part of the covered entity’s workforce but instead performs some type of service on its behalf (e.g. a lawyer, a phone company, etc.). A business associate is subject to HIPAA rules.
A business associate agreement (BAA) is a contractual assurance from the business associate to the covered entity that they follow HIPAA’s requirements. This agreement must be in place before the transfer of PHI from the covered entity to the business associate.
HIPAA compliance is available on Process Street on our Enterprise plan. Please note that if you are on this plan and later downgrade to another plan, you will no longer be covered under the HIPAA compliance program.
You do not need to do anything to enable HIPAA compliance; we will do this for you once an Enterprise contract and BAA are in place.
When HIPAA compliance is enabled, the following will happen:
We recommend using SAML Single Sign-On (SSO) to add a layer of protection to your Process Street account.
To ensure that any sensitive data in your Process Street account can only be accessed by appropriate people, we recommend that you frequently review the list of your members.
You can use SCIM to automatically manage the users in your organization.
Our third-party integrations allow you to seamlessly connect Process Street to external platforms. While these third-party apps can be great complements to your account, it’s important to remember that they’re not part of our included services. To maintain HIPAA compliance, you must ensure that any third-party app or service you use is also HIPAA compliant.