HIPAA Agreement
Last Updated September 2024
HIPAA compliance is a paid upgrade and factored into your monthly payment. Accounts are NOT HIPAA compliant by default.
What is HIPAA?
HIPAA stands for the Health Insurance Portability And Accountability Act of 1996, which is a United States legislation that provides data privacy and security provisions for safeguarding medical information.
The act, which was signed into law by President Bill Clinton on Aug. 21, 1996, contains five sections, or titles:
1.) Title I: HIPAA Health Insurance Reform
2.) Title II: HIPAA Administrative Simplification
3.) Title III: HIPAA Tax-Related Health Provisions
4.) Title IV: Application and Enforcement of Group Health Plan Requirements
5.) Title V: Revenue Offsets
In the context of online marketing, adhering to HIPAA Title II is what most people mean when they refer to HIPAA compliance.
HIPAA Title II
Also known as the Administrative Simplification provisions, Title II includes the following HIPAA compliance requirements:
1.) National Provider Identifier Standard. Each healthcare entity, including individuals, employers, health plans and healthcare providers, must have a unique 10-digit national provider identifier number, or NPI.
2.) Transactions and Code Set Standard. Healthcare organizations must follow a standardized mechanism for electronic data interchange (EDI) in order to submit and process insurance claims.
3.) HIPAA Privacy Rule. Officially known as the Standards for Privacy of Individually Identifiable Health Information, this rule establishes national standards to protect patient health information.
4.) HIPAA Security Rule. The Security Standards for the Protection of Electronic Protected Health Information sets standards for patient data security.
5.) HIPAA Enforcement Rule. This rule establishes guidelines for investigations into HIPAA compliance violations.
The two requirements that apply to the relationship between our Vendor, the Codispoti Group, LLC, who acts as the client's Agency, and the agency's client (the Practice) are the HIPAA Privacy Rule and the HIPAA Security Rule. The details of each of these rules can be found here:
Compliance
In the relationship between the platform Vendor, the Codispoti Group, LLC acting as the agency, and the agency's client (the Practice); the Practice is considered "the HIPAA-covered entity" and the platform Vendor and Agency are considered "HIPAA Business Associates".
Vendor has worked with The Compliancy Group consultancy to ensure that they are in full compliance with the HIPAA Privacy Rule and the HIPAA Security Rule so that Vendor, can enter into HIPAA Business Associate Agreements (BAA) with their customer Agencies.
In order for the personal health record data of our client's Practice's patients to be completely protected, however; Codispoti Group, LLC must also be in full compliance with HIPAA Title II so that we can provide our client's Practice with a HIPAA Business Associate Agreement as well.
If required, Codispoti Group, LLC will reach out to Vendor if Client requires the contact information of The Compliancy Group which will help Codispoti Group, LLC ensure to our client's that our Agency is fully compliant.
Security
Our database automatically encrypts all data before it is written to disk. No setup or configuration is required and no need to modify how you access the service. The data is automatically and transparently decrypted when read by an authorized user.
With server-side encryption, Google manages the cryptographic keys on our behalf using the same hardened key management systems that we use for our encrypted data, including strict key access controls and auditing. Each database object's data and metadata are encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.