Is PokitDok HIPAA compliant?
Last Updated March 14th, 2017
Yes. If your system is using the APIs with Protected Health Information (PHI), your system must also be Health Insurance Portability and Accountability Act (HIPAA) compliant. Large healthcare enterprises should already have policies and procedures in place to ensure they're in compliance with HIPAA. If you wish to use PokitDok’s APIs within one of these large organizations, you should treat your use of the API data like you would any of your internal systems. If you're a young company, you should develop your own policies and procedures for ensuring HIPAA compliance.
Here are a few tips for companies just getting started:
- Put someone in charge who is accountable and follows-through on all activities related to HIPAA compliance and data security
- Keep Protected Health Information (PHI) secure and private
- Encrypt data on disk
- Encrypt data transmitted over the network
- Use principle of least privilege
- Set up office policy, implementation procedures and training for your staff
- Inform patients of their rights and support those rights
You should always refer to the U.S. Department of Health & Human Services to fully understand Health Information Privacy.