HIPAA and HITECH provide national minimum standards to protect an individual’s protected health information (PHI). The U.S. Department of Health and Human Services (HHS) manages and enforces these standards.
HIPAA was originally created to streamline healthcare processes and reduce costs by standardizing certain common health care transactions, while protecting the security and privacy of individuals’ PHI. HITECH expanded on the privacy and security requirements of HIPAA.
HIPAA and HITECH focus on PHI, which generally includes any personally identifiable information regarding an individual’s physical or mental health, the provision of health care to him or her, or payment for related services. PHI also includes any personally identifiable demographic information, including, for example, name, address, phone numbers, and Social Security numbers
These standards affect the use and disclosure of PHI by covered entities (such as health care providers engaged in certain electronic transactions, health plans, and health care clearinghouses) and their business associates.
Vtiger enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure Vtiger environment to process, maintain, and store protected health information.
HIPAA’s Privacy Rule restricts intentional and unintentional use or disclosure of PHI that is in violation of the requirements of HIPAA.
HIPAA’s Security Rule requires covered entities to put in place detailed administrative, physical, and technical safeguards to protect electronic PHI
It spells out penalties, and procedures for hearings
It requires healthcare providers to notify patients in the case of breach of unsecured PHI
Vtiger CRM Service is delivered via servers hosted in data centers belonging to Amazon EC2. Vtiger provides mechanisms to help Healthcare providers (i.e., covered entities) that use Vtiger service, to be HIPAA compliant.
Our Security policy mandates all of the following
For more details, please click on vtiger.com/security
When you store a person's sensitive data, like their health information or national ID number, certain laws may require you to encrypt that data at rest. Vtiger’s field encryption accomplishes that, while providing other protections that significantly reduce the risk of misuse by employees or malicious actors
In transmission, data is always encrypted using SSL.
If a breach has occurred at the service level, Vtiger will alert the Healthcare provider (Vtiger’s customer)