HIPAA Compliance

Protecting patient data and practice information is our number one priority as your software as a service provider.

Becoming and remaining HIPAA compliant is our #1 priority at YAPI Inc.

The Health Insurance Portability and Accountability Act of 1996 (known as HIPAA) is a federal law in the United States. The objective of HIPAA is to establish and ensure the security of patient health information, also known as PHI.

At YAPI Inc., we continually work to uphold the HIPAA privacy and security rules.

Our software, YAPI, was built and designed specifically for dental providers. We constantly safeguard all of our products and features to provide full HIPAA compliance for a modern and efficient dental practice.

 

What technical measures does HIPAA require?

HIPAA obliges all health providers and those who are in possession of PHI to uphold certain established rules and regulations.

HIPAA privacy regulations require business associates to follow all procedures that protect the full confidentiality and security of PHI. This applies to PHI in every medium: verbal, paper, and electronic.

 

As your business associate, YAPI Inc. upholds all HIPAA policies, including the protection of patient PHI.

Patient Emails and Reminders: Electronic communication between providers and patients is permitted, provided that PHI is protected and all compliance requirements are met. Our software handles PHI directly from the covered entity’s practice management software. It is the sole responsibility, however, of the covered entity (the licensed dental practice) to ensure that the correct patient email is on file.

Patient Text Reminders: Appointment confirmations and general communication between providers and patients are permitted; however, prior authorization should be included in your standard HIPAA forms or Notice Of Privacy Acknowledgement. It is the sole responsibility of the covered entity (the licensed dental practice) to ensure that the correct patient number is on file. In all text reminders, you should include as little PHI as possible. This is especially important when communicating sensitive information. Never, under any circumstances, include information about diagnoses or patients’ treatment plans in text reminders.

Phone Assistant: Electronic business phone systems are permitted provided that the phone systems process patient health information safely. It is the sole responsibility of the covered entity (the licensed dental practice) to ensure workstation security and device/media controls.

Electronic Patient Forms: Electronic patient intake and consent forms are permitted. However, it is the sole responsibility of the covered entity (the licensed dental practice) to ensure that access controls, such as passwords, are put into place to help limit access to patient information to authorized individuals.

Please note: this is not legal advice.