Curv Health is HIPAA compliant - what does that mean?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
HIPAA applies to any organization that stores Personal Health Information (PHI) in the United States, including health care professionals or clinics, and provides restrictions on the use and disclosure of PHI.
What is personal health information?
Under HIPAA, PHI is defined as any information held by a covered entity which concerns health status, the provision of healthcare, or payment for healthcare that can be linked to an individual.
This information may include:
• Names and dates directly applying to or somehow related to any individual
• Telephone, email address, and other contact information
• Social security, medical record, health insurance plan, or other account numbers
• Driver’s licence numbers or vehicle identifiers, such as serial numbers
• Computer identifiers, such as: IP address, web URL, device identifiers and serial numbers
• Biometric identifiers, such as: retinal scan, fingerprints, etc.
• Full-face photos and comparable images
• Geographic data smaller than a state (city, for example)
The handling of health information is governed by HIPAA, but requirements within each state and/or regulatory body may also apply.
Curv Health has appropriate administrative, technical, and physical safeguards to prevent PHI from intentionally or unintentionally being used or disclosed in violation of HIPAA’s requirements.
• Administrative safeguards include implementing procedures for use and disclosure of PHI. All Curv employees are required to undergo privacy and security training on a regular basis.
• Technical safeguards include limiting access to information by means of computer firewalls, which ensure that PHI is accessed only by authorized users and only at the minimum level necessary for administrative functions.
• Physical safeguards include locking doors or filing cabinets.