The Health Insurance Portability and Accountability Act (“HIPAA”) sets forth privacy and security standards for any entity that uses or discloses protected health information. For information on HIPAA, visit the U.S. Department of Health and Human Services website.
For any business that treats patients/clients and is subject to HIPAA, compliance is an organization-wide obligation requiring procedural standards and business practices that protect the privacy and security of patient/client information. As part of these obligations, the business must ensure it only utilizes software that has adequate safeguards to protect patient/client information. Both the MyTime Marketplace and MyTime Scheduler (“MyTime Products”) incorporate such technological and procedural safeguards, as detailed below.
MyTime Products employ the following technological safeguards to facilitate your compliance with HIPAA: patient/client information is transferred using 128-bit SSL encryption; accounts require secure login with minimum password length enforcement; the production environment is protected by stand-alone firewalls with access limited to authorized personnel via encrypted channels; and offsite backups are made daily and stored in an encrypted state.
Further, MyTime requires all personnel with access to patient/client information for purposes of providing technical support to be trained in the privacy requirements of HIPAA. MyTime does not share, sell, disclose or provide patient/client information to third parties except as detailed in MyTime’s Privacy Policy.
MyTime Products also provide numerous settings and features—including user-specific logins, multiple user access levels, and the ability to easily add and remove users—to facilitate procedural standards that enable you to maintain overall HIPAA compliance. As with any technology, it’s incumbent upon you to properly incorporate MyTime Products into your business practices and make your own assessment of your resulting overall HIPAA compliance.