The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that seeks to ensure the security and confidentiality of patients’ private health information (PHI). HIPAA applies to both “covered entities” (healthcare providers) and “business associates” (third parties whom a covered entity has engaged to help carry out its healthcare activities). Under HIPAA, you are a covered entity and MyMedLeads is your business associate.
HIPAA privacy regulations require that you and your business associates develop and follow procedures that ensure the confidentiality and security of your patients’ protected health information (PHI) whenever it is transferred, received, handled, or shared. This requirement applies to all forms of PHI, whether on paper, in oral communications, or in electronic format. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.
As your business associate, MyMedLeads maintains administrative, physical and technical safeguards required by HIPAA rules and regulations and enforces them via company policies and procedures. The MyMedLeads Platform is designed to maximize your ability to communicate with your leads and patients while helping you stay HIPAA-compliant.
You are responsible for ensuring the HIPAA compliance of your patients’ private health information (PHI), including any information you share with MyMedLeads as part of configuration and technical support activities. PHI should not be emailed, attached, or shown in a screenshot. You must also ensure that your messages to leads and patients meet certain requirements, including the inclusion of an unsubscribe link, and that you promptly and permanently honor all opt-out requests for future email or text messages.
You may be concerned that your PHI data is more vulnerable to cyber attacks on a cloud-based platform. In fact, with proper security measures in place, cloud-based solutions carry no more threat of data breach than on-site data storage. For small practices, cloud-based software can be more secure because it is more frequently and consistently monitored than would be possible by your own staff members. The data stored in the MyMedLeads platform is constantly monitored by experts who are committed to keeping your data safe.
The Telephone Consumer Protection Act (TCPA) is a federal law that regulates the way consumers are contacted by telephone, fax and text message. These regulations apply to any communications you send by email or text via MyMedLeads. We have built our marketing campaigns and appointment reminder tools to support your compliance with the TCPA.
The TCPA requires that companies obtain consent from consumers (including leads and patients) before sending any text or automated telephone messages unless an exemption applies. HIPAA requirements for obtaining consumer consent are different depending on whether your messaging contains PHI and/or marketing content. The TCPA also imposes requirements related to how you represent yourself on your From and Reply-to addresses. It also requires mechanisms for honoring “opt-out” requests from your leads and patients.
THIS IS NOT LEGAL ADVICE
Please note that while we are dedicated to ensuring that MyMedLeads tools make it easy for you to stay HIPAA-compliant, the information MyMedLeads provides here or in our ongoing communications with you is not legal advice. You are responsible for ensuring the HIPAA compliance of your patients’ private health information (PHI). We encourage you to seek legal counsel for specific direction and guidance.