HIPAA Compliance

Take a look at how we’ve made DocsInk HIPAA compliant right out of the box.

What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act, a US federal law enacted in 1996. Its Privacy and Security Rules set physical, technical and administrative standards intended to secure the use, storage and sharing of individually identifiable medical data, also known as protected health information (PHI).

Why is DocsInk HIPAA compliant?

The HIPAA Omnibus Final Rule, published in January 2013 with a compliance deadline of September 23, 2013, implemented the HITECH Act changes that made Business Associates directly liable for complying with the Security Rule and the applicable parts of the Privacy Rule. A Business Associate is any vendor that creates, receives, maintains or transmits PHI on behalf of a Covered Entity, as are the subcontractors of that vendor who handle PHI. So, companies like DocsInk.

Do I need HIPAA compliance?

All Covered Entities need to be HIPAA compliant. A Covered Entity is a health care provider that transmits health information electronically in connection with HIPAA standard transactions, a health plan, or a health care clearinghouse. So, this includes clinics, hospitals, independent practices, home health agencies, pharmacies and insurance companies. The fines for HIPAA violations can be severe: the HITECH penalty tiers run up to $50,000 per violation (the amounts are adjusted upward for inflation), with an annual cap per type of violation, and a single incident can involve many violations. That’s why we’ve built DocsInk. We want to provide a world-class communication experience where you don’t have to worry about security and can focus on what you do best: care for patients.

How does DocsInk achieve HIPAA compliance?

We take security very seriously at DocsInk. We know you’re relying on us to protect your patient data, so we apply strict security practices to every system that stores or transmits your PHI. To help us do this, we use Aptible, a HIPAA compliance deployment and management platform. HHS does not certify products as HIPAA compliant, so compliance means implementing and documenting the requirements of the 4 HIPAA Rules that apply to a Business Associate:

  • HIPAA Security Rule: This breaks down into three categories of safeguards: physical, technical and administrative. Physical safeguards cover physical access to the facilities, workstations and devices that hold PHI. DocsInk is hosted with AWS, which provides the physical safeguards for its data centers; under the shared-responsibility model, everything above the physical layer (access control, configuration, logging and workforce practices) remains our responsibility. Technical safeguards cover access control, audit controls, integrity protection, user authentication and transmission security, such as encrypting PHI in transit. Administrative safeguards mandate the risk analysis, workforce training, policies and procedures we implement to secure your patient data. You can access the HHS documentation here.
  • HIPAA Privacy Rule: This rule governs when PHI may be used or disclosed, requires that uses and disclosures be limited to the minimum necessary, and gives patients rights over their records, including the right to access them and to receive an accounting of disclosures. It is also the rule that requires a Business Associate Agreement before PHI is shared with a vendor like DocsInk. You can access the HHS documentation here.
  • HIPAA Enforcement Rule: This is where the compliance investigations, civil money penalties and hearing procedures for violations are spelled out. You can access the HHS documentation here.
  • HIPAA Breach Notification Rule: This rule instructs us on how to handle a breach of unsecured PHI. As a Business Associate, we must notify the affected Covered Entity without unreasonable delay and no later than 60 days after discovering the breach; the Covered Entity must in turn notify the affected individuals, HHS, and, for a breach affecting more than 500 residents of a state, the media. You can access the HHS documentation here.

Can I see more information on DocsInk’s technical security?

Absolutely. Here’s a dedicated risk assessment prepared for our specific technology: DocsInk Risk Assessment.

How does the Business Associates Agreement (BAA) work?

A Business Associate is a vendor or subcontractor that creates, receives, maintains or transmits PHI on behalf of a Covered Entity. So, if you’re a medical clinic and you send patient data through DocsInk, you’re a Covered Entity and we’re a Business Associate.

Signing the BAA ensures that we uphold our end of safeguarding and managing patient data properly. It also spells out the permitted uses and disclosures of your PHI, the safeguards we must maintain, our duty to report security incidents and breaches to you, our obligation to bind any subcontractors to the same terms, and what happens to your PHI when the agreement ends. The Privacy Rule requires a Covered Entity to have a BAA in place before it shares PHI with a Business Associate, so the agreement is necessary to complete your HIPAA compliance. If you’re the admin for your Carespace, you’ll be prompted to complete the BAA after creating your account.