Is BodySite HIPAA Compliant?

BodySite HIPAA Compliant Features and Tools

Ensuring compliance with HIPAA (the Health Insurance Portability & Accountability Act) is a top priority for healthcare practitioners of all verticals. As more aspects of healthcare move online, it’s important to choose mediums that support your efforts to protect your patients’ electronic protected health information (e-PHI).

During the pandemic, many providers sought to provide care to their patients virtually, but did so without meeting basic HIPAA compliance standards, such as utilizing a video chat software that doesn’t require a passcode, or messaging on applications that are not designed for healthcare communications. Many providers don’t realize that while Zoom for Healthcare claims to be HIPAA compliant, regular Zoom generally is not compliant.

If this is an issue for your practice, consider a HIPAA-compliant solution that performs a variety of functions inside one convenient platform. BodySite is the remote patient monitoring and telehealth solution that educates your patients every day and keeps everything in a tidy, HIPAA compliant package that protects you and your patients.

Here are some of BodySite’s HIPAA Compliant Features…

HIPAA Compliant Security Features Right Out of the Box …

Password Protected Portal for Patients and Providers (Digital App and Desktop)

All of the functionality of the BodySite platform takes place on a secure, HIPAA-compliant platform and app. BodySite is hosted on a set of HIPAA-compliant servers with redundant backups and full encryption of all data both at rest and end to end. Every patient and provider user of the platform has a separate secure account and every user is required to enter a best practices password to secure their BodySite account. By adding this layer of security, patients’ and providers’ activities inside the account can only be accessed by the patient or provider of the account. Passwords are required both on desktop and inside the mobile app. Best practices are followed for password length and type as well as for timed log out after inactivity to protect and secure patient data and PHI.

User Roles and Permissions

Patients and providers alike are able to utilize BodySite and each are given their own tools and permissions. Additionally, the main provider of the account is able to add staff and determine specific permission settings for different types of staff. For example, a nurse and a receptionist may have different permissions for a particular office. Permissions can be changed at any time under settings.

Patients Must Set Up Their Account Via Email Before Accessing

Before patients can access the account created for them on BodySite, they must activate themselves by using a secure link in a welcome email that was triggered by their provider or by securely purchasing the plan online from the provider’s unique enrollment link(s). Patients cannot create a BodySite account without either being enrolled by their care provider or from the provider’s secure enrollment link(s).

HTTPS Security

BodySite uses HTTPS to securely encrypt all data in transit. That means that if anyone gets a hold of a data packet, they won’t be able to figure out what’s in it. This ensures secure communications and data transfer for sensitive patient biometric data, patient journal entries, messages between patient and providers as well as the video stream of telehealth visits. All of this allows for a secure online experience for both patient and provider.

HIPAA Compliant Tools for Your Practice…

Telemedicine Clinic and Messaging

Many providers are using communications tools that are not HIPAA-compliant. This puts sensitive patient data at risk and puts providers at risk of costly HIPAA violations. With BodySite, you can conduct a wide variety of functions right inside a HIPAA-compliant telemedicine solution. While in a telemedicine session, securely take encounter notes, assign care programs to patients, share the screen and securely share documents with patients, all stored in the patient record simultaneously.

Providers can also maintain a telehealth scheduling calendar integrated with their own personal and business calendar so that patients only schedule telemedicine visits when the provider has open appointments. And providers can also create both one-on-one and group telemedicine visits depending on the needs of the patient and the practice calendar, all of which are protected by the same security standards.

For additional security, providers access their telehealth virtual clinic on BodySite only from within their secure account dashboard where they can speak with patients, enroll patients in care protocols, securely message patients, share documents, and communicate through a HIPAA compliant messaging engine. Patients access the telemedicine clinic easily but securely by launching a secure link from within the app or web platform that requires authentication by email and password over a secure HTTPS connection within their provider’s instance of the platform.

Patient Biometrics and Remote Monitoring

Because all data entered by patients who access their account on BodySite is stored in the patient record, providers always securely access and monitor patient progress by clicking on their patient record while securely logged in. Providers can use this information to inform care or guide discussions inside the HIPAA-compliant messaging functions.

Automated Patient Education

Inside of BodySite’s HIPAA-compliant framework lives a content management system that allows providers to educate patients with daily care plans and instructions. Providers can deploy a care plan to each patient, which patients access in the secure portal, giving them access to daily guidance, tasks, videos and more. This functionality can be used to guide patients with chronic conditions or to promote general healthy living; it’s completely customizable, patient specific and completely secure within each patient account.

Intake Forms

Many doctors and healthcare providers continue to ask and allow patients to fill out extensive paper intake forms in office waiting rooms or by non-secure email applications. This creates huge security risks for patients’ protected health information. Too often, other people can easily see a patient’s sensitive data in the waiting room and staff shuffle papers around multiple desks before patient intake forms are secured.

Instead of following out-of-date and risky intake procedures, BodySite allows providers to provide patients with access to a secure online intake form or questionnaire. Patients access the forms from inside of a password-protected account and all answers are securely stored in the HIPAA-compliant platform under the control of the provider. Providers can use any of the turnkey intake form templates to avoid asking the same questions on outdated paper forms and easily modify forms or build more, all while logged into a secure environment.

Manage Staff Permissions

One potential HIPAA violation that’s easily avoided is the practice of sharing account access with multiple providers or staff within an office. This practice should be avoided for any software that involves PHI, but most providers do it anyway out of convenience or because additional user permissions are complicated. With BodySite, adding staff members to the main provider account is easy and also customizable to help manage communications and patient monitoring for each member of the practice team.

The main provider account on BodySite can configure potentially unlimited team or staff provider accounts, each with differing permission levels to ensure that team members only access patients, or content or settings, if they are supposed to. Additionally, team providers can get a secure team conversation going inside the same HIPAA compliant environment by using BodySite’s Team Discussions feature.

The Benefit of Centralizing Your HIPAA Compliant Tools…

The healthcare industry has experienced significant increases in remote and digital healthcare solutions over the past several years, in large part due to the recent pandemic and partly to the developments in healthcare technology. This can be a great paradigm shift for providers and their patients.

In fact, “62.6% of patients and 59% of clinicians feel there is no difference between virtual/telehealth and physical visits as far as the overall quality of the visit is concerned. 32.7% of patients and 45.9% of clinicians reported that the in-person visit is better, but for more than 50% of them there was no difference.” (The American Journal of Managed Care, 2019/Arkenea “The Ultimate List of Healthcare IT Statistics”)

As these solutions become more broadly implemented, a common mistake that providers make is using too many different platforms for a variety of patient and practice management functions and, worse, using one or more pieces that create security holes, posing major risks to patient security and increasing the likelihood of provider liability.

That’s where BodySite comes in. We’ve created a secure platform that serves a wide array of provider and patient needs in one seamlessly secure workflow for patients and practices, and that helps practices that are seeking to increase practice revenue and improve patient outcomes. Practice and patient management, patient education, remote patient monitoring, secure messaging and telemedicine don’t have to live on multiple platforms that create chaos and risk security.

Want to Try BodySite for Free?

If you’re interested in seeing all that a BodySite account can provide, get started today for FREE. Click HERE to claim your 30-day FREE trial of BodySite. You’ll gain access to all of BodySite’s HIPAA compliant core functionality for 30 days, free of charge!

For our full HIPAA compliance statement, click here.

SOURCES:

https://arkenea.com/healthcare-statistics/

https://www.ajmc.com/view/patient-and-clinician-experiences-with-telehealth-for-patient-followup-care