ANGELSPEECH HIPAA Compliance Information

1. Our commitment to HIPAA

Based on the definition of HIPAA, our services are not subject to HIPAA compliance. AngelSpeech as business is NOT a HIPAA covered entity therefore is not required by law to certify for compliance. Please refer to this government site for HIPAA entity definition.

However, because most of our customers (doctors) are required to be compliant with HIPAA and because our service is an integral part of their medical practices, we have taken actions to monitor HIPAA rules and support their compliance with the regulations and guideline. We have committed our best efforts to these guidelines by implementing the following initiatives designed to safeguard patient information.

2. Our HIPAA Initiatives

• Our service and user interface design will not ask for any patient information that is not relevant to scheduling a service. This measure is intended to minimize any security risk associated with sensitive data.

  The only patient information required by our system to enable basic services is the patient's name and phone number. Other data such as email and the patient's home address are optional for patient records. The decision to use or leave out optional information is entirely in the doctor's control.

  New patient insurance info is deleted from the patient record immediately when a new patient's service request has been reviewed, and has been approved or declined by the doctor.

• We use SSL (Secure Sockets Layer) to protect your access to our website. SSL is the industry standard security technology for establishing an encrypted link between a web server and a browser.



• Our database is strictly safe-guarded and can be accessed by designated system admin only.



• Our customer support admin uses double authentication for access to the doctor's schedulers for support functions. An admin must pass first login to connect to our site, and second login for the functionality.



• Our scheduler and virtual receptionist design implement privacy and abuse protection on the user interface so a patient cannot review or access data involving a 3rd party.

  Our scheduler user account implements account login change protection to prevent your login access being hijacked by unauthorized 3rd party or a grumpy employee.

• We provide our doctors with full security control of the scheduler access so that a doctor can grant or remove his/her own patient web access for all, or individual patients.

3. Reminder Service is HIPAA Permitted

With regarding to the appointment reminder services, note that the HIPAA Privacy Rule permits health care providers to communicate with patients regarding their health care. This includes communicating with patients at their homes, whether through the mail or by phone, or in some other manner. In addition, the Rule does not prohibit doctors from leaving messages for patients on their answering machines.

Telephone or email patient appointment reminder services are obviously permitted by this rule.

4. Your HIPAA Questions

Please feel free to contact our support staff at tel: 1-888-770-4121 if you have more questions regarding our HIPAA initiatives.