Effective Date: January 1, 2008

HIPAA Summary
The security and privacy of user data is our top priority. We comply fully with the applicable provisions of the Security and Privacy rules, issued pursuant to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA"), which sets forth guidelines for how to protect data from unauthorized access.

HIPAA (Health Insurance Portability and Accountability Act) is a federal law that protects health information. Federal standards are now in place that ensure patients have access to their own medical records while adding new responsibilities to those charged with protecting this information.

For those in the business of providing access to information, these regulations are the proverbial double-edged sword. If patients now have expanded access to their own medical data, the quickest, cheapest and most convenient way to provide this information is electronically through the internet. So those involved in designing web applications and hosting web sites can expect to see new HIPAA-related opportunities. However, with these new opportunities come new responsibilities. The security provisions detailed in HIPAA are exacting. Working within the scope of HIPAA places an onus on web designers to ensure that potentially sensitive medical information is kept private.

In order to comply with HIPAA, we have created specific policies and procedures, and have reviewed them with HIPAA experts for completeness and applicability. These policies range from login and password procedures to disaster recovery plans. We have made every effort to ensure your data is safe and secure under our supervision, and review our practices on a regular basis to ensure this in the future.


HIPAA Privacy Rules
Any examination of HIPAA's impact starts with the provisions of the Privacy Rule. This is the section that provides patients with access to their own medical records. Until the Privacy Rule came into effect in 2003, patients did not have a federally mandated right to view their own medical information. Access to this information is now guaranteed under HIPAA. Not only can patients view their own records, but they have the right to know who has accessed their records over the preceding six years.

If either of these rights is not adequately provided for, patients now have the right to lodge complaints and force those in possession of this data to make it available to them. Conversely, if patients find out their information was accessed by parties who should not have access to it, patients now have the right to demand both civil and criminal penalties under the Privacy Rule.

In this context, the benefits of providing protected information through the web are obvious. Compared to the cost of patients going through medical personnel to gain access to their records, direct access through the internet is a far cheaper solution in the long run. Also, storing and transmitting this data electronically allows for a simpler means of monitoring who has access to protected information.

HIPAA Security Rules
The Security Rule is of particular importance to those who design and host web sites, as the rule refers only to health information that is maintained or transmitted electronically. The Security Rule is the portion of HIPAA that establishes a security framework for those entities that deal with medically sensitive information. It demands that all HIPAA entities provide a security plan with safeguards explicitly defined for the following areas:

  • Administrative
  • Physical
  • Technical

Each area must have defined procedures that ensure medical data is protected. For HIPAA-compliant web designers and web-hosting providers, the implications of this rule are immense. HIPAA entities looking for secure solutions need to ensure that the applications they choose to employ meet the security demands defined in the rule.

HIPAA entities must also make sure that the companies they work closely with follow these safeguards themselves. As a vendor or partner to HIPAA entities, those companies charged with providing web-enabled solutions must ensure that the business practices they employ will stand up to the scrutiny of the HIPAA Security Rule.