ANGELSPEECH HIPAA Compliance Information
1. Our commitment to HIPAA
Based on the definition of HIPAA, appointment scheduling services are not subject to HIPAA compliance. AngelSpeech as business is NOT a HIPAA covered entity and therefore is not required by law to certify for compliance. Please refer to this government site for HIPAA entity definition.
However, because most of our customers (doctors) are required to be compliant with HIPAA and because our service is an integral part of their medical practices, we have taken actions to monitor HIPAA rules and support their compliance with the regulations and guidelines. We have committed our best efforts to these guidelines by implementing the following initiatives designed to safeguard patient information.
2. Our HIPAA Initiatives
- Our service and user interface design will not ask for any patient information that is not relevant to scheduling a service. This measure is intended to minimize any security risk associated with sensitive data.
The only patient information required by our system to enable basic services is a patient's name and phone number. Other data such as the patient's email and home address are optional. The decision to use or leave out optional information is entirely in the doctor's control.
New patient insurance info is deleted from the patient record immediately when a new patient's service request has been reviewed, and has been approved or declined by the doctor.
- We use SSL (Secure Sockets Layer) to protect your access to our website. SSL is the industry standard security technology for establishing an encrypted link between a web server and a browser.
- Our database is strictly safe-guarded and can be accessed by designated system admin only.
- Our customer support admin uses double authentication for access to the doctor's schedulers for support functions. An admin must pass first login to connect to our site, and second login for the functionality.
- Our scheduler and virtual receptionist design implement privacy and abuse protection on the user interface so a patient cannot review or access data involving a 3rd party.
Our scheduler user account implements account login change protection to prevent your login access being hijacked by an unauthorized 3rd party or a grumpy employee.
- We provide our doctors with full security control of the scheduler access so that a doctor can grant or remove his/her own patient web access for all, or individual patients.
3. Reminder Service is HIPAA Permitted
With regarding to the appointment reminder services, note that the HIPAA Privacy Rule permits health care providers to communicate with patients regarding their health care. This includes communicating with patients at their homes, whether through the mail or by phone, or in some other manner. In addition, this rule does not prohibit doctors from leaving messages for patients on their answering machines.
Telephone or email patient appointment reminder services are obviously permitted by this rule.
4. Your HIPAA Questions
Please feel free to contact our support staff at Tel: 1.888.770.4121 if you have more questions regarding our HIPAA initiatives.