HIPAA Compliance

What is HIPAA Compliance?

"HIPAA Compliant" is a strong phrase. ShuttleDocs claims to be HIPAA compliant and we stand by that claim. However, there is a lot more to HIPAA compliance than just the software and services that are used by Health Care professionals. ShuttleDocs is HIPAA compliant insofar as the limits of the service allow.

Complete HIPAA compliance can only be achieved by utilizing a combination of Software/Services and personnel policies for the use of that Software/Service.

So what does this mean?

Well, it means that HIPAA compliance is up to you and your organization. ShuttleDocs cannot and does not imply that just using the service for exchanging records means you are HIPAA compliant with your medical records.

For example, let's say you have a few computers in your medical office and they are on a network, and each user has ShuttleDocs installed on their respective computer. They use the service to send and receive electronic records from multiple offices. Once the files are downloaded from ShuttleDocs to the desktop computer or other device, they exist on the computer's storage device and ShuttleDocs has absolutely no control over them. These files could be unsecured. If the desktop computer was compromised by a hacker, or the computer was sold or worked on by an outside service, etc., then the files could be accessed freely unless there were other precautions in place.

Bottom line: even though ShuttleDocs stored the files in a HIPAA compliant way and delivered the files in a HIPAA compliant way, once the physical files are delivered to your systems they could be subject to a HIPAA violation unless you put the proper policies in place to prevent these problems.

What can we do?

There are many experts in the area of HIPAA compliance. We suggest you consult the experts regarding your HIPAA compliance and put the appropriate policies in place to cover all your bases, especially the ones outside the control of ShuttleDocs.

Here are some suggestions:

  1. Require any partners with whom you share Protected Health Information, other than other Medical Professionals, to sign a business partner agreement.
  2. Require PCs and mobile devices to adhere to strict policies that would allow you to remotely wipe storage devices in the event the device is lost or stolen.
  3. Require all devices to employ login timeouts to prevent unauthorized access when an authorized user steps away for a period of time.
  4. Ensure all devices that are disposed of are properly wiped. Keep in mind that just formatting a storage device is not enough; you need to utilize software that will cleanly wipe your drives and devices.

Above all, put your HIPAA policy in writing and have your legal counsel review it to ensure you have covered all the bases, and appoint someone in your organization as the HIPAA specialist to ensure you are always compliant.

ShuttleDocs, LLC does not imply any legal advice by stating these recommendations.  ShuttleDocs, LLC encourages you to consult with your own legal counsel before developing or implementing any HIPAA compliance policy.