YAPI is HIPAA Compliant
Protecting patient data and practice information is our number one priority as your software as a service provider.
Being HIPAA Compliant and remaining compliant is our #1 priority at YAPI Inc.
The Health Insurance Portability and Accountability Act of 1996 (known as, HIPAA) is a federal law in the United States. The objective of HIPAA is to establish and ensure security among patient health information, also known as, PHI.
What technical measures does HIPAA require?
As your business associate,YAPI Inc, upholds all HIPAA policies including the protection of patient PHI.
- Patient Emails and Reminders: Electronic communication between providers and patients is permitted, granted that PHI is protected and all compliances are met. Our software handles PHI directly from the covered entity’s practice management software. It is the sole responsibility, however, of the covered entity (the licensed dental practice) to ensure that the correct patient email is on file.
- Patient Text Reminders: Appointment confirmations and general communication between providers and patients are permitted, however, prior authorization should be included in your standard HIPAA forms or Notice Of Privacy Acknowledgement. It is the sole responsibility of the covered entity (the licensed dental practice) to ensure that the correct patient number is on file. In all text reminders, you should minimize as much PHI as possible. This is especially important when communicating sensitive information. Never, under any circumstances, include information about diagnoses or patient’s treatment plans in text reminders.
- Phone Assistant: Electronic business phone systems are permitted provided that the phone systems process patient health information safely. It is the sole responsibility of the covered entity (the licensed dental practice) to ensure workstation security and device/media controls.
- Electronic Patient Forms: Electronic patient intake and consent forms are permitted. However, it is the sole responsibility of the covered entity (the licensed dental practice) to ensure that access controls, such as passwords, are put into place to help limit access to patient information to authorized individuals.