How does ScheduFlow Online meet HIPAA compliance criteria?

Does HIPAA Apply to You?

Before we dive into software considerations, how do you know if you need to pay attention to HIPAA guidelines? HIPAA applies to any organization that transmits any electronic billing information (such as invoices, or information needed to look up insurance information) to any health insurance company, including Medicare or Medicaid. This means that HIPAA typically regulates organizations involved in health care, including organizations providing counseling, therapy, or other services that need to bill insurance companies.

If you bill or conduct any billing-related electronic communications with insurance companies, no matter how minimal, your entire organization is a "covered entity." This means that all your data, processes, and systems throughout the organization are subject to the HIPAA guidelines, even if you only bill for one program or a few patients.

If you conduct all your communications in paper form, rather than electronically, you're technically not required to follow HIPAA guidelines. This could be an "out" if you only need to bill on rare occasions a couple times a year, and otherwise track very little health-related data. In general, however, HIPAA only describes a sensible set of practices and processes to handle client data, and the requirements for software packages are not particularly onerous. If you work in health services, counseling, or any field where you might bill for medical or health-care services, it likely makes sense to ensure that your software won't preclude you from being compliant if that becomes important down the road.

Seeking "HIPAA-Compliant" Software

How, then, do you find a HIPAA-compliant software package? You can't, because no such thing exists.

It's you, as an organization, that's HIPAA compliant, and no software application is going to magically make you that way. HIPAA defines a large set of policies and procedures, many of which have nothing to do with technology. Instead of searching for a "HIPAA-approved" label, you should be looking for software that provides the (few) features suggested by HIPAA guidelines, and that additionally helps to support the policies and best practices that your organization has set up to protect your data.

The paragraphs above are drawn from an article on http://www.idealware.org, a website that helps non-profit organizations make smart software decisions.


How does Duoserve ScheduFlow Online software meet criteria that help you towards becoming HIPAA compliant?

1. All data is stored offsite in secure databases, in highly secure datacenters. No employees are granted physical access to these servers.

2. All data that travels between your computers and our secure datacenters is encrypted.

3. Dual-level authentication security:
  • Account login lets only managers determine which computers can access the database. Employees who do not have the account login credentials cannot log in from outside; they can only log in from computers designated by the manager(s) who hold those credentials.
  • User login prevents anyone who may have acquired the Account Login information from accessing your scheduling data, because each authorized user must also log in with their own user login and password.
  • Ex. Account Login: MyMedicalOrganization12 Password: ManagersPassword would be known only to managers and saved on all computers that need access.
  • Ex. User Login: JohnSmithEmployee1 Password: employeepassword11 would be known to the employee, who cannot access the system from home/outside without the Account Login as well.

4. ScheduFlow Online has granular user security, allowing you to give specific privileges to each user (e.g. employee1 can only view and edit appointments but can't delete them, employee2 can only create clients, etc.).