If you’re in the United States, you’ve probably heard of HIPAA—the Health Insurance Portability and Accountability Act of 1996. This legislation provides US citizens with protections around PHI (Protected Health Information).
Cliniko can now help you meet HIPAA requirements! Before today, we did not have many of the features that HIPAA requires to ensure that PHI is, well, protected. Now, though, we’re able to say that we do have the features that HIPAA asks for, and you can turn these on within your Cliniko account to help your business be compliant.
For quick reference, these two articles will walk you through all things HIPAA:
And now, the longer version of it all…
While what follows is probably going to be most interesting to those of you in the United States, most of the “HIPAA features” that we’ve developed are available to all accounts.
How does it work?
There’s an account-wide HIPAA compliance setting that, when turned on, will change how certain things work. These include:
- User activity will be logged (so, you’ll be able to track things like attempted logins, what a user looked at, when it happened, and even where they were, based on their IP address). Please note that right now, this is only available to accounts in the United States.
- Patient privacy settings will be super-duper, well, private—for example, their names will be anonymised in browser tabs and in the external calendar integration.
- Certain functionalities will be different—for example, you will not be able to email invoices or payment receipts directly from Cliniko.
You can learn more about the specifics on the HIPAA compliance setting here.
What do I need to do?
You will need to enable the HIPAA compliance setting in your account. This can be found in your account’s privacy settings:
If you’re not in the United States, you can still use many of these features! Most of these can be found in the patient privacy area of your account settings. Here’s a quick overview so you have an idea of what optional, account-wide new settings are available:
- Automatic session timeouts—basically, any user will be logged out after a period of inactivity. This is handy when it comes to account security!
- You can anonymise deleted patient records. While Cliniko will retain appointment and financial history if you delete a patient, you can ensure that no patient names show up when you’re looking at those records.
- You can restrict the ability to email financial information from Cliniko. What this means is that no “Email” buttons will show up on invoices, payment receipts, or account statements, even if the patient has an email address on file.
- Booking notifications can be anonymised—so no patient names will show up in new appointment or cancellation notifications that are sent to practitioners.
- You can specify how patient names display in your browser and in the external calendar integration. They can be entirely anonymised, but you can also opt to show just their first name or their initials if you don’t want their full name to show up.
Note that all of the above features are optional—you don’t have to turn them on. If you wish to meet HIPAA requirements, though, we recommend enabling these features.
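To make the name-display setting above concrete, here is an added example (not Cliniko’s own code) of how an application can apply a single account-wide name-display policy wherever a patient name leaves the main record view, such as browser tab titles or an external calendar feed. The `NameDisplay` modes, the `PrivacySettings` class, the `"Patient"` placeholder label and the sample patients are all assumptions of this example; it also handles patients with a missing first or last name, which a naive implementation tends to get wrong.

```python
from dataclasses import dataclass
from enum import Enum


class NameDisplay(Enum):
    """Hypothetical account-wide options for how patient names are shown
    outside the patient record (browser tabs, calendar feeds, notifications)."""
    FULL = "full"
    FIRST_NAME = "first_name"
    INITIALS = "initials"
    ANONYMISED = "anonymised"


# Placeholder shown whenever a name must not (or cannot) be displayed.
# The label text is an assumption of this example.
ANONYMISED_LABEL = "Patient"


@dataclass(frozen=True)
class PrivacySettings:
    """Hypothetical account settings object; the safest mode is the default."""
    name_display: NameDisplay = NameDisplay.ANONYMISED


def display_name(first_name, last_name, settings):
    """Render a patient name according to the account's privacy setting.

    Empty or missing name parts never leak as stray spaces or dots; if the
    chosen mode has nothing to show, the anonymised label is used instead.
    """
    first = (first_name or "").strip()
    last = (last_name or "").strip()
    mode = settings.name_display

    if mode is NameDisplay.ANONYMISED:
        return ANONYMISED_LABEL
    if mode is NameDisplay.FIRST_NAME:
        return first or ANONYMISED_LABEL
    if mode is NameDisplay.INITIALS:
        initials = "".join(part[0].upper() + "." for part in (first, last) if part)
        return initials or ANONYMISED_LABEL
    # NameDisplay.FULL
    return " ".join(part for part in (first, last) if part) or ANONYMISED_LABEL


def browser_tab_title(first_name, last_name, page, settings):
    """Build a browser tab title; the name portion obeys the same policy."""
    return f"{display_name(first_name, last_name, settings)} - {page}"


def calendar_feed_titles(patients, settings):
    """Render appointment titles for an external calendar integration.

    `patients` is a list of (first_name, last_name, start_time) tuples.
    """
    return [
        f"{start}: {display_name(first, last, settings)}"
        for first, last, start in patients
    ]


# Constructed sample data for demonstration only.
SAMPLE_PATIENTS = [
    ("Jane", "Doe", "09:00"),
    ("Sam", None, "09:30"),      # no last name on file
    ("", "", "10:00"),           # name not yet recorded
]

if __name__ == "__main__":
    for mode in NameDisplay:
        settings = PrivacySettings(name_display=mode)
        print(mode.value, calendar_feed_titles(SAMPLE_PATIENTS, settings))
```

The point of routing every external surface through one `display_name` function is that the policy is enforced in a single place: a new notification or integration cannot accidentally show a full name just because its author forgot about the setting.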
As always, if you have any questions on this, our friendly support team will be here to help!