By SiteStaff Team on Feb 12, 2020 6:45:00 AM

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a far-reaching law meant to “improve the efficiency and effectiveness of the health care system.” When it was passed, online technology was in its infancy; as a result, the law has evolved to cover electronic health care transactions for health plans, health care clearinghouses and health care providers. Today, online communication has become a way of life, especially in health care. Specifically, live chat is becoming the channel of choice for millions around the world who want to communicate quickly and safely. But is it possible to provide live chat that is HIPAA compliant? The answer is a resounding yes, provided your live chat provider is as dedicated to HIPAA compliance as you are. Here’s a look at the primary regulatory requirements to help you make a wise choice.

Protection of electronic protected health information (ePHI) is primarily addressed in the HIPAA Security Rule, published in 2003, under three main sections of safeguards:

Administrative Safeguards — These are the policies and procedures governing “the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's or business associate's workforce in relation to the protection of that information.” For a live chat host (a “business associate” under the regulations), this covers the host’s own policies and procedures as well.
This section includes the security management process (risk analysis, risk management, a sanction policy, and information system activity review); assigned security responsibility; workforce security, including access authorization and supervision, workforce clearance, and termination procedures; information access management, including policies and procedures for granting access and for establishing, documenting, reviewing and modifying rights of access; security awareness and training; security incident procedures, response and reporting; contingency planning; and periodic evaluation.

Physical Safeguards — These are the actual “physical measures, policies, and procedures to protect a covered entity's or business associate's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” Addressed under this section are policies and procedures for facility access controls and validation; maintenance records; workstation use and security; device and media controls covering the receipt, use, re-use, removal and disposal of hardware and electronic media containing ePHI, with accountability for that media; and data backup.

Technical Safeguards — These are “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” This section covers access control, including unique user identification, emergency access procedures, automatic logoff, and encryption and decryption; audit controls that record and allow examination of activity in systems containing ePHI; integrity controls to verify that ePHI has not been improperly altered or destroyed; person or entity authentication; and transmission security, including integrity controls and encryption of ePHI sent over a network.

Live chat HIPAA compliance is not simple, but it’s also not optional. In short, your live chat provider is held to much the same regulatory oversight as your practice and should be able to demonstrate its compliance.
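The technical safeguards above are the ones a practice can most easily ask a chat vendor to demonstrate. As an added illustration (not code from this post or from any chat provider), the toy transcript store below implements four of them together: unique user identification, automatic logoff after an idle period, an audit log of every access attempt, and an integrity tag over each stored message so alteration is detected on read. The class and function names, the 15-minute timeout, the constructed messages and the demonstration key are all assumptions made for the example; transmission encryption (TLS) belongs at the transport layer and is not shown.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field

# Assumed policy value for this demonstration; the Security Rule does not
# mandate a specific number, it comes out of the practice's risk analysis.
IDLE_TIMEOUT_SECONDS = 15 * 60


class SessionExpired(Exception):
    """Raised when a user acts after the idle timeout (automatic logoff)."""


class IntegrityError(Exception):
    """Raised when a stored message no longer matches its integrity tag."""


@dataclass
class ChatStore:
    """Toy transcript store: one row per message, each with an HMAC tag."""
    integrity_key: bytes                       # assumed per-deployment secret
    idle_timeout: float = IDLE_TIMEOUT_SECONDS
    messages: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)
    sessions: dict = field(default_factory=dict)   # user_id -> last activity

    def _audit(self, user_id, action, detail, now):
        # Audit controls: every access attempt is recorded, success or not.
        self.audit_log.append(
            {"ts": now, "user": user_id, "action": action, "detail": detail})

    def login(self, user_id, now=None):
        # Unique user identification: every actor is tracked by its own ID.
        now = time.time() if now is None else now
        self.sessions[user_id] = now
        self._audit(user_id, "login", "", now)

    def _touch(self, user_id, now):
        last = self.sessions.get(user_id)
        if last is None:
            self._audit(user_id, "denied", "no active session", now)
            raise SessionExpired(f"{user_id} has no active session")
        if now - last > self.idle_timeout:
            # Automatic logoff: drop the session and record why.
            del self.sessions[user_id]
            self._audit(user_id, "auto_logoff", f"idle {now - last:.0f}s", now)
            raise SessionExpired(f"{user_id} was logged off after idle timeout")
        self.sessions[user_id] = now

    def _tag(self, record):
        # Integrity: HMAC-SHA256 over a canonical JSON form of the record.
        canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
        return hmac.new(self.integrity_key, canonical.encode(),
                        hashlib.sha256).hexdigest()

    def post(self, user_id, text, now=None):
        now = time.time() if now is None else now
        self._touch(user_id, now)
        record = {"seq": len(self.messages), "ts": now,
                  "user": user_id, "text": text}
        self.messages.append({"record": record, "tag": self._tag(record)})
        self._audit(user_id, "post", f"seq={record['seq']}", now)
        return record["seq"]

    def read(self, user_id, now=None):
        now = time.time() if now is None else now
        self._touch(user_id, now)
        out = []
        for entry in self.messages:
            if not hmac.compare_digest(self._tag(entry["record"]), entry["tag"]):
                seq = entry["record"]["seq"]
                self._audit(user_id, "integrity_failure", f"seq={seq}", now)
                raise IntegrityError(f"message {seq} has been altered")
            out.append(entry["record"])
        self._audit(user_id, "read", f"{len(out)} messages", now)
        return out


def demo():
    """Walk the controls over constructed data; returns what happened."""
    store = ChatStore(integrity_key=b"demo-only-key")    # constructed secret
    store.login("dr_smith", now=1000.0)
    store.post("dr_smith", "Patient asks about post-op swelling", now=1030.0)
    messages_read = len(store.read("dr_smith", now=1060.0))

    # Idle for 16 minutes: the next action must be refused and logged.
    try:
        store.post("dr_smith", "late message", now=1060.0 + 16 * 60)
        logged_off = False
    except SessionExpired:
        logged_off = True

    # Tamper with the stored text: the integrity tag must no longer verify.
    store.login("dr_smith", now=2100.0)
    store.messages[0]["record"]["text"] = "Patient asks about a refund"
    try:
        store.read("dr_smith", now=2110.0)
        tamper_detected = False
    except IntegrityError:
        tamper_detected = True

    return {"messages_read": messages_read, "logged_off": logged_off,
            "tamper_detected": tamper_detected,
            "audit_actions": [e["action"] for e in store.audit_log]}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The audit log is the piece to ask a vendor about first: it should show not only successful reads and posts but also the refused ones (the idle logoff and the integrity failure above), since those are what an incident review needs.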
In less regulatory terms, here are a few of the requirements that, when met, indicate a live chat provider takes HIPAA compliance seriously:

The Big Three
Reality check(list)
While considering the best live chat host for your plastic surgery practice, take a minute to find out what a great benefit live chat can be by downloading our “Plastic Surgeon Case Study.”