HIPAA Compliance is Available on the Premium Plan
PipeFlow360 offers HIPAA compliance through Business Associate Agreements, making it easy to safely grow your practice with advanced marketing automation systems that drive new patient registrations, re-activate past patients, nurture new leads with email and SMS, send patient satisfaction surveys, increase positive reviews while filtering negative ones, and even provide two-way SMS chat between patients and your staff.
- Encryption – All forms for HIPAA-compliant customers will be encrypted at rest. If you have existing forms that are not currently encrypted, they will immediately be encrypted moving forward after establishing the BAA. All new forms will be automatically encrypted at rest (including any files uploaded via the File Upload field).
- Support – Support for platform issues will be provided through standard email support and phone support, but not through direct access by PipeFlow360 team members.
- Timeouts – User timeouts will change from 8 hours to 1 hour to increase the security for sensitive PHI. Automatic locking of screens and other computer security measures should still be employed, but this adds an additional layer of protection.
- Emails – Email notifications should be reviewed to ensure they are HIPAA-compliant. PHI should be marked as protected to prevent transmission via email unless patients have signed a waiver allowing for transmission of PHI via email for communication purposes.
- Integrations – PipeFlow360 agrees to enter into written contracts with any agent or independent contractor that creates, receives, maintains, or transmits PHI on behalf of PipeFlow360 with regard to services provided by PipeFlow360 pursuant to the Agreement (collectively, “Subcontractors”). Such contracts shall obligate Subcontractor to abide by substantially the same terms and conditions as are required of PipeFlow360 under this BAA.
- Not an EMR – PipeFlow360 is not an Electronic Medical Record system. While sensitive PHI may be collected securely through PipeFlow360, information that should be considered part of a patient’s Legal Health Record should be transferred (either manually or automatically) into a system that supports tracking of this information by patient and meets the availability requirements necessary for providing patient care during emergencies.
- Plan – Your organization must be on the PipeFlow360 Premium ‘Course Creator’ Plan (and not a trial) in order to enter into a BAA. There is no additional cost associated with obtaining the BAA beyond this monthly subscription plan.
- Workflow links – Workflow links sent to known users (like employees of the business) are HIPAA-compliant when sent to an email address that supports end-to-end encryption, like Office 365. Over 90% of email accounts support end-to-end encryption. Workflow links may be sent to patients if and only if they have opted into email-based communication of their data via a signed consent form.
ESTABLISHING A BUSINESS ASSOCIATE AGREEMENT
To enter into a Business Associate Agreement with PipeFlow360:
- Select your organization’s name in the top left and then select Settings.
- Click on Plan in the left-hand navigation, or scroll to the Plan section.
- From your plan settings, click the Sign our BAA to get started link.
- Review the BAA as written in the dialog, then provide your title and signature at the bottom of the agreement and click the I Agree button.
- You will see a message indicating that you have successfully entered into a BAA with PipeFlow360, as well as the option to download a PDF copy of your agreement. You will also receive a copy of your agreement via email.
- Your plan settings will now reflect your BAA status. From here, you can exit your agreement by clicking the Exit your BAA link. You can also download a copy of your BAA at any time from the PipeFlow360 BAA link.
If you have any questions about establishing a BAA with PipeFlow360, please contact us.