PandaDoc recently became HIPAA compliant.
This is big news for healthcare providers and other covered entities that are looking for ways to streamline their patient onboarding process and store medical records, like HIPAA forms and health records, in a safe and secure way.
Let’s take a closer look at the basics of HIPAA, how it affects health information, and how PandaDoc helps healthcare providers stay compliant with federal law when handling protected health information (PHI).
What is HIPAA, and how does PandaDoc fit in?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) created national standards designed to prevent the disclosure of protected health information without the patient’s consent or knowledge. This was a critical rule, even in the late 90s, as more and more health information was being recorded and exchanged electronically.
The core philosophy behind HIPAA is that an individual should have control over his or her medical information. With that in mind, covered entities must comply with all HIPAA compliance requirements.
This includes:
- Healthcare providers
- Healthcare clearing houses
- Providers of health plans (insurers)
- 3rd party business associates of other covered entities
Since PandaDoc is now HIPAA compliant, we will be considered a covered entity (business associate) when our services are used by other covered entities in order to distribute HIPAA forms and collect patient information.
As a business associate for healthcare providers, PandaDoc limits access to patient information from its own employees, except in scenarios where access to this data is required to complete their job duties.
HIPAA regulations (The HIPAA Privacy Rule) require a signed Business Associate Agreement (BAA) with every completed document. PandaDoc will provide a BAA for all Enterprise customers with five or more seats.
The HIPAA Privacy Rule
While many parts of HIPAA are focused on electronic security and data transfer, the HIPAA Privacy Rule applies to both printed and electronic health documentation.
This rule ensures that the customer has received notice of privacy practices by their medical provider or healthcare organization.
This rule also makes sure that patients have access to their own medical records, can restrict others from gaining access to that information, and can request changes to medical information if it isn’t believed to be accurate.
When using PandaDoc to sign and complete HIPAA forms or documents, the HIPAA Privacy Rule still applies. As part of your standard template package, you can send a consent form through PandaDoc notifying customers of their privacy rights under HIPAA.
As with many other HIPAA forms, PandaDoc can be used to collect the signature of patients.
The HIPAA Security Rule
As part of HIPAA’s Administrative Simplification guidelines, healthcare providers choosing to transfer electronic Protected Health Information (ePHI) are required to protect their electronic systems from security threats.
For many healthcare operations, this can be a major struggle. Small doctor’s offices may not have the technical knowledge to safeguard patient health information and larger institutions often run on antiquated or outdated IT infrastructure.
PandaDoc can help healthcare providers conform to the HIPAA security rule by providing a safe and secure environment for data transfer. With PandaDoc, patient information is delivered, tracked, and automatically stored in a central location. Our servers are hosted on the AWS platform and are SOC 2 certified.
Using PandaDoc can help healthcare providers focus on assisting patients rather than spending time on data compliance and cybersecurity. We can help teams get HIPAA forms securely signed and delivered without the risk of a data breach or unauthorized disclosure.
How does PandaDoc remain HIPAA compliant?
While most HIPAA regulations don’t change, technology is constantly evolving, and PandaDoc is always innovating in order to provide a better experience for its customer.
However, as a HIPAA-compliant business solutions provider, we are constantly reviewing our software and security protocols in order to maintain HIPAA compliance.
Here are a few things that PandaDoc does in order to stay in-the-know with HIPAA regulations:
HIPAA Training
Internally, our team members undertake HIPAA privacy training to ensure that they maintain a full understanding of HIPAA regulatory requirements and of a patient’s rights.
As mentioned earlier, we also limit access to sensitive healthcare data to employees who need to use it in order to complete their job duties. Please note that PandaDoc employees may access healthcare records, but only for the purposes of helping customers.
As with customers who aren’t in the healthcare field, PandaDoc respects the privacy of your business and your customers. We maintain the security and confidentiality of your documents and transactions while they are on our platform.
Our staff is also trained on what to do in the event of a security breach. This training helps our team minimize the risk that accompanies the transmission of electronic data and provides clear guidelines for our team in the event that HIPAA data is accessed or used in an unauthorized way.
Security Compliance
As a service provider working in document security, PandaDoc is responsible for maintaining HIPAA compliance for data transmitted through its systems.
In order to ensure compliance and privacy, we conduct an annual HIPAA risk analysis to isolate and resolve any systematic issues. This audit helps us determine what we should do in order to improve HIPAA compliance.
We’ve also adopted a sanctions policy for violations of both HIPAA and PandaDoc policies, and we provide compliance oversight with respect to identified risks. These guidelines give our team steps to follow and the oversight necessary to operate in good faith as your service provider.
In addition to other policies, procedures, and guidelines, PandaDoc also conducts regular reviews of our security program via our standard SOC 2 audit. We’re committed to providing a safe and secure environment for all customers beyond what is required by federal and state law.
Sign your HIPAA forms with PandaDoc
While necessary to ensure patient privacy and security, adherence to HIPAA policies can be difficult for many organizations.
PandaDoc can help your company streamline your document workflow and get your HIPAA authorization forms signed and filed. To do this, you’ll need to upload all relevant documents to the PandaDoc platform.
If that sounds tedious, we can help. As part of our onboarding services, our team will help you configure your setup, migrate your content, and even provide personalized training so that you can create the right experience for your team and your customers.
Sign up for a 14-day free trial with PandaDoc to see how we can help you spend more time with patients and less time with paperwork.