Read about SR Health's approach to HIPAA and TCPA compliance.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that seeks to improve the efficiency of the healthcare industry while ensuring the security and confidentiality of patient health information. HIPAA generally applies to “covered entities” (including any healthcare provider) and "business associates" (any third party engaged by a covered entity to help carry out its healthcare activities and functions). Thus, under HIPAA, you are a covered entity and Solutionreach is your business associate.
HIPAA privacy regulations require that you and your business associates develop and follow procedures that ensure the confidentiality and security of your patients’ protected health information (PHI) whenever it is transferred, received, handled, or shared. This requirement applies to all forms of PHI, whether on paper, in oral communications, or in electronic format. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.
As your business associate, Solutionreach follows detailed policies governing the protection of your patients’ PHI, including employing administrative, physical, and technical safeguards as required by HIPAA rules and regulations. You can be confident that we will protect your patient data to help you stay compliant.
Providers may be concerned that cloud-based platforms are more vulnerable to Internet-based attacks, but, with the proper security measures in place, cloud-based solutions carry no more threat of data breach than on-site data storage. In fact, quality cloud-based software can be more secure because it is more closely monitored; small businesses like healthcare practices typically can’t afford to staff team members responsible for managing the security of their server. The encrypted data stored within SR Health is constantly monitored by experts who are committed to keeping your data safe. With the peace of mind that comes with choosing Solutionreach, some of the complexity involved in staying compliant with HIPAA regulations is alleviated.
The Telephone Consumer Protection Act (TCPA) is a federal law that regulates the way consumers are contacted by telephone, fax, and text message. These regulations apply to the text and automated landline messages you are able to send through SR Health to communicate with your patients. The TCPA requires that companies obtain consent from consumers prior to sending any sort of text or automated telephone messages, unless an exemption applies. Because you are a HIPAA covered entity, the requirements for how that consent is obtained differ depending on whether your messaging contains only health-related information or includes marketing-focused content. The TCPA also imposes requirements related to how you identify yourself in messaging and mechanisms for honoring “opt-out” requests from your patients. We have built our platform to support your compliance with the TCPA.
Canada’s Anti-Spam Legislation (CASL) is a Canadian federal law that regulates commercial electronic messages ("CEMs"). The legislation applies to any electronic message that encourages participation in a commercial activity and may include messages to email addresses, social media accounts, and text messages to cell phones. You can visit the Government of Canada’s website to learn more about CASL.
While it is your responsibility to comply with all aspects of CASL as it relates to sending messages to your patients, we have designed SR Health to include safeguards and features that, if used appropriately, will help you stay compliant.
SR Health is designed to give you the most functionality possible when it comes to communicating and engaging with your patients, while also helping you stay compliant with communication rules and regulations. As such, the platform allows you some flexibility in the messaging content you create, but you will be asked to confirm and verify that your message content meets certain requirements. It is also your responsibility to promptly respond to and immediately honor all patient requests to opt out or unsubscribe from future messages.
Please note that, while we are dedicated to giving you tools that will help you stay compliant with HIPAA, the TCPA, CASL, and other regulations, the information we provide is not legal advice. You are responsible for ensuring the compliance of your patient messages. We encourage you to seek out competent legal counsel for specific direction and guidance.