The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. To ensure compliance with the security provisions, Victory Rejuvenation Center, Inc (VRC) elected to acquire and implement a HIPAA-complaint Electronic Medical Records (EMR) system in May, 2010. This system, when fully implemented, allows us to be 100% paperless. In being HIPAA compliant, the EMR provider has implemented rigorous security standards that include biometric-enabled entry to the facility, secure processing over SSL (Secure Socket Layer – same as ecommerce transactions) and other physical and electronic protections.
The privacy provisions of HIPAA apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses. This part of the provisions provides requirements for how we can and cannot use the information that is in your health record, and gives you certain rights to limit disclosures in certain situations. The privacy provisions also require that we notify you of our specific privacy policies. Click this link to access our current Notice of Privacy Practices. Notwithstanding the HIPAA requirements, we take security and privacy very seriously and take every effort to safeguard your personal health information and the financial information that you trust us with when making payments.
Due to HIPAA and our concerns about privacy and data security, we are concerned about the use of standard email for sensitive information, called “protected health information” (PHI) in the HIPAA provisions. For that reason, we use facsimile or direct communication over SSL to our server for communications that include PHI. Regarding standard email, while it is generally considered a reasonably secure method of communication, it is widely known that standard email is not totally secure from end to end, and as such, the information could be intercepted or tampered with.
It is up to you to use your judgment for sending email to us. If it does not contain sensitive information, you can continue to use standard email or if in doubt, you can use facsimile and very soon we will be offering you a secure communications method using the ePatientPortal.