HIPAA Compliance

Take a look at how we’ve made pulseM HIPAA compliant right out of the box.

What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act. It’s a set of physical, technical and administrative standards intended to secure the sharing of medical data – also known as protected health information (PHI).

Why is pulseM HIPAA Compliant?

In September of 2013, the Final Omnibus Rule Update was passed. It expanded the applicability of HIPAA from the traditional entities like hospitals and insurers to anyone who stores, manages or transmits PHI. These entities are now called Business Associates So, companies like pulseM.

How does pulseM achieve HIPAA compliance?

We take security very seriously at pulseM. We know you’re relying on us to protect your patient data, so we use only the highest levels of security and strictest practices to secure your PHI. Specifically, there are 4 HIPAA Rules that pulseM complies with to achieve the highest level of HIPAA compliance:

  • HIPAA Security Rule: This breaks down to three layers: physical, technical and administrative. Physical safeguards pertain to who can access PHI and how that access is controlled. pulseM is hosted with AWS, which provides much of the physical safeguarding. Technical safeguards describe data transmission standards, auditing practices and authentication measures. Administrative safeguards mandate internal training, policies and procedures we implement to secure your patient data.
  • HIPAA Privacy Rule: This rule instructs on how to handle a data breach and disclose PHI to relevant individuals or parties.
  • HIPAA Enforcement Rule: This is where the penalties, investigations and procedures for violations are spelled out.
  • HIPAA Breach Notification Rule: This rule instructs us on how to handle a breach, including the timeline for notifying patients and/or other parties depending on the size of the breach.

How does the Business Associates Agreement (BAA) work?

A Business Associate is a vendor or subcontractor who has access to PHI transmitted or stored by a covered entity. So, if you’re a medical clinic and you send patient data through pulseM, you’re a Covered Entity and we’re a Business Associate.

Signing the BAA will ensure that we uphold our end of safeguarding and managing patient data properly. It will also clearly outline what services you should expect us to render, and what we are responsible for. A BAA is necessary for you to complete your HIPAA compliance. If you’re the admin for your Carespace, you’ll be prompted to complete the BAA after creating your account.