G2 Crowd User in Internet

    Is your site HIPAA compliant?

    about 2 years ago

    Yes. All communications within our platform are encrypted with bank-level 256-bit SSL encryption provided that you see the HTTPS protocol used on your URLs and widgets. (This is the standard. However, some white-label users may need us to set up an SSL for them to secure communications under their brand.)

    Furthermore, following HIPAA, we do not store any patient communications except reviews, which are presumed public. So you can achieve end-to-end encryption of all patient messages by also using secured email for collection.

    Of course, encrypted communication is only part of the privacy equation. Since you also have the flexibility to use our tool to, for example, email messages from patients to arbitrary recipients, you are ultimately responsible for the patient privacy mandate.

    Here are some considerations to keep in mind:

    In its simplest formulation, our system guides the patient from their healthcare experience to a third party (Google, Healthgrades, Vitals, etc.) where they voluntarily share that experience with the public under the third party’s terms. In that case, we never touch protected health information (PHI).

    A patient could opt to share PHI via your contact form. Those messages are not stored by our system, per HIPAA.

    A typical obstacle that prevents willing patients from sharing their healthcare experience is that they believe they can’t do so anonymously. In fact, most healthcare-specific review sites allow anonymous reviews, and we alert patients to this fact early in the process in the “just-in-time” instructions that educate the patient through completing their review. You can also make this a prominent part of your messaging to patients.

    That said, if you encounter specific demands in your implementation that aren’t met by the above, we’re happy to work with you on it.