FAQ:
HIPAA Compliance,
Privacy, and Security

Is CareAlign HIPAA compliant and secure?

  • Yes! CareAlign is HIPAA compliant and secure, and follows best practices for maintaining the highest security and privacy requirements of the healthcare industry. Specifically, CareAlign

    • Requires all staff and contractors to complete HIPAA compliance training every year.

    • Signs a Business Associates Agreement (BAA) with each user of our system.

    • Has every vendor/ subcontractor with access to our systems sign a BAA.

    • Conducts a risk analysis monthly and reviews access verification quarterly.

    • Has a Chief Privacy and Security Officer as well as a Compliance Officer

    • Utilizes member authentication that adheres to Auth 2 standards and offers Multi Factor Authentication (MFA) to users of the system.

    • Provides continuous backup of all data, and it’s encrypted!

    • Continuously monitors for vulnerabilities in its app and network.

    • Maintains extensive audit logs to ensure that we can trace what is happening to data access.

      To view CareAlign's BAA, click here

                                           

Is it ok for me to put Personal Health Information (PHI) in this application?

  • Great Question, and yes it is! That is what CareAlign was specifically = designed for. CareAlign is a secure, encrypted platform that is HIPAA-compliant.

  • CareAlign takes HIPAA security and privacy very seriously, and follows all the regulations necessary to be HIPAA compliant.

  • HIPAA allows you to disclose information to our app since we are acting as a “third party” under your permission, which is spelled out in the BAA that we (CareAlign) and you sign when you create an account. In that BAA:

    • We are letting you know that we are safeguarding the information you give to us.

    • We pledge to only use the information you give to us to further the patients healthcare

    • You agree to put in all the information necessary, but only the minimum amount necessary to make CareAlign function and help take care of your patients.

What is a Business Associates Agreement (BAA) and why do I need to sign it?

  • A BAA is an agreement between two parties, the “covered entity” (the clinician or organization providing PHI) and the “Business Associate” (in this case, CareAlign). In the BAA, you agree that you will only provide the PHI necessary to provide patient care, while we agree that we will follow all rules of HIPAA and take appropriate measures to keep PHI safe, secure, and protected. Learn more about what CareAlign does to stay safe and secure here.

  • CareAlign uses the same process and BAA standards as many other well known systems that you are likely familiar with, for example Doximity Dialer, ePrescription apps, or other secure messaging applications.

What am I committing to when I sign a BAA?

  • When you sign the BAA you are agreeing that you:

    • Will only provide the PHI necessary to provide patient care

    • Won’t ask us to use or disclose PHI in any way that breaks federal or state laws (think HIPAA)

    • Will only request us to disclose PHI directly to another party for purposes allowed by HIPAA and the HITECH Act

    • Notify us if any privacy practices at your organization or location have changed and impact how we use or disclose PHI

    • Notify us if there are any changes to the written permission granted to us for using or disclosing PHI

    • Notify us of any restriction to the use or disclosure of PHI that was initially permitted

What is CareAlign committing to in the BAA?

  • CareAlign is committing to keep your and your patients’ data protected and secure. You can read the full BAA here, but below are a few specific things CareAlign agrees to in the BAA:

    • We won’t use or disclose PHI unless permitted in writing by the user/organization or as required by law

    • For any PHI that we do use, we use the Minimum Necessary Standard (only the data we specifically need) and limited data sets

    • Your PHI isn’t sold or used for marketing purposes

    • We will meet or exceed industry standards for protecting data

    • Any CareAlign subcontractors have to comply with our security and safety requirements as specified in the BAA

How does CareAlign protect my privacy and the privacy of my patients?

  • CareAlign employs a number of organizational, technical and physical safeguards designed to protect the personal information we collect. To learn more, view our Privacy Policy here.

Is CareAlign more secure than paper, or a Word or Google Document?

  • Yes! While Microsoft and Google use various security measures to protect data and information, these platforms are not HIPAA compliant unless your hospital or organization has signed a BAA with Microsoft. Even when precautions are taken to keep PHI on paper protected, paper can still easily be misplaced, lost, or seen by someone not authorized to view the PHI. CareAlign is HIPAA compliant and meets regulatory requirements and security standards to protect PHI.

What are the terms of service for using CareAlign?

  • View our complete Terms of Service here

New Test

  • Test View our complete Terms of Service here

+
Is CareAlign HIPAA compliant and secure?
  • Yes! CareAlign is HIPAA compliant and secure, and follows best practices for maintaining the highest security and privacy requirements of the healthcare industry. Specifically, CareAlign

    • Requires all staff and contractors to complete HIPAA compliance training every year.

    • Signs a Business Associates Agreement (BAA) with each user of our system.

    • Has every vendor/ subcontractor with access to our systems sign a BAA.

    • Conducts a risk analysis monthly and reviews access verification quarterly.

    • Has a Chief Privacy and Security Officer as well as a Compliance Officer

    • Utilizes member authentication that adheres to Auth 2 standards and offers Multi Factor Authentication (MFA) to users of the system.

    • Provides continuous backup of all data, and it’s encrypted!

    • Continuously monitors for vulnerabilities in its app and network.

    • Maintains extensive audit logs to ensure that we can trace what is happening to data access.

+
Is it ok for me to put Personal Health Information (PHI) in this application?
  • Great Question, and yes it is! That is what CareAlign was specifically = designed for. CareAlign is a secure, encrypted platform that is HIPAA-compliant.

  • CareAlign takes HIPAA security and privacy very seriously, and follows all the regulations necessary to be HIPAA compliant.

  • HIPAA allows you to disclose information to our app since we are acting as a “third party” under your permission, which is spelled out in the BAA that we (CareAlign) and you sign when you create an account. In that BAA:

    • We are letting you know that we are safeguarding the information you give to us.

    • We pledge to only use the information you give to us to further the patients healthcare

    • You agree to put in all the information necessary, but only the minimum amount necessary to make CareAlign function and help take care of your patients.

+
What is a Business Associates Agreement (BAA) and why do I need to sign it?
  • A BAA is an agreement between two parties, the “covered entity” (the clinician or organization providing PHI) and the “Business Associate” (in this case, CareAlign). In the BAA, you agree that you will only provide the PHI necessary to provide patient care, while we agree that we will follow all rules of HIPAA and take appropriate measures to keep PHI safe, secure, and protected. Learn more about what CareAlign does to stay safe and secure here.

  • CareAlign uses the same process and BAA standards as many other well known systems that you are likely familiar with, for example Doximity Dialer, ePrescription apps, or other secure messaging applications.

+
What am I committing to when I sign a BAA?
  • When you sign the BAA you are agreeing that you:

    • Will only provide the PHI necessary to provide patient care

    • Won’t ask us to use or disclose PHI in any way that breaks federal or state laws (think HIPAA)

    • Will only request us to disclose PHI directly to another party for purposes allowed by HIPAA and the HITECH Act

    • Notify us if any privacy practices at your organization or location have changed and impact how we use or disclose PHI

    • Notify us if there are any changes to the written permission granted to us for using or disclosing PHI

    • Notify us of any restriction to the use or disclosure of PHI that was initially permitted

+
What is CareAlign committing to in the BAA?
  • CareAlign is committing to keep your and your patients’ data protected and secure. You can read the full BAA here, but below are a few specific things CareAlign agrees to in the BAA:

    • We won’t use or disclose PHI unless permitted in writing by the user/organization or as required by law

    • For any PHI that we do use, we use the Minimum Necessary Standard (only the data we specifically need) and limited data sets

    • Your PHI isn’t sold or used for marketing purposes

    • We will meet or exceed industry standards for protecting data

    • Any CareAlign subcontractors have to comply with our security and safety requirements as specified in the BAA

+
How does CareAlign protect my privacy and the privacy of my patients?
  • CareAlign employs a number of organizational, technical and physical safeguards designed to protect the personal information we collect. To learn more, view our Privacy Policy here.

+
Is CareAlign more secure than paper, or a Word or Google Document?
  • Yes! While Microsoft and Google use various security measures to protect data and information, these platforms are not HIPAA compliant unless your hospital or organization has signed a BAA with Microsoft. Even when precautions are taken to keep PHI on paper protected, paper can still easily be misplaced, lost, or seen by someone not authorized to view the PHI. CareAlign is HIPAA compliant and meets regulatory requirements and security standards to protect PHI.

+
What are the terms of service for using CareAlign?
  • View our complete Terms of Service here

+
New Test
  • Test View our complete Terms of Service here

Loading...