Doxy.me was designed and built to support the workflow of healthcare providers, and that includes following the necessary rules and regulations associated with providing world-class healthcare.

Doxy.me enables Covered Entities (Doctors, Hospitals, etc.) to be compliant with HIPAA in several ways: 1) Doxy.me establishes an encrypted peer-to-peer conduit for protected health information (PHI) transmitted between patients and providers, and 2) Doxy.me will sign a Business Associate Agreement (BAA) in which Doxy.me establishes responsibilities for PHI and protocols for notification of breach.

The Health Insurance Portability and Accountability Act, which was passed by Congress and subsequently signed into law by President Bill Clinton in 1996, can be broken into two major parts. The first part deals with protecting the health insurance of workers who lose their jobs or are between jobs – the ‘portability’ part. HIPAA also creates a national standard for protecting an individual's medical information through the regulation of electronic health records, health insurance plans, the health setting itself, and more. The standardized method of protecting patient information through security and privacy is the ‘accountability’ part.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, is designed to promote the widespread adoption and standardization of health information technology, and requires HHS to modify the HIPAA Privacy, Security, and Enforcement Rules to strengthen the privacy and security protections for health information and to improve the workability and effectiveness of the HIPAA Rules. In early 2013, a revision was made to HITECH known as the Omnibus rule. It includes new data privacy protections and further extends HIPAA obligations to business associates. Doxy.me would be considered a business associate of a covered entity that uses Doxy.me to transmit PHI between the covered entity and a client.

Being HIPAA compliant means addressing every patient's privacy and keeping all identifiable health information guarded and secure. It means understanding how to operate according to the Privacy and Security Rules. HIPAA compliance is an ongoing process and includes conducting risk analysis and management, having disaster preparation plans in place, partaking in ongoing training, executing agreements with business associates, establishing a Privacy and Security officer, and more. Doxy.me is able to help Covered Entities be compliant with HIPAA by ensuring their communication of PHI is not put at risk with products like Skype and FaceTime. Doxy.me is also able to sign a BAA, which is necessary for HIPAA compliance.

Be sure to check with your legal counsel if you have specific questions regarding your compliance responsibilities with HIPAA.
