CareStack is committed to keeping all Protected Health Information (PHI) secure & compliant. We keep systems and procedures up-to-date and in compliance with all related regulations, and we understand that keeping client information safe is of the utmost importance.
Under HIPAA privacy rules, CareStack is a Business Associate. As such, we comply with all applicable rules and regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and we have instituted policies and procedures to ensure this is done.
All employees are required to re-take HIPAA training every two years, and we have Information Security procedures in place to ensure that our policies and procedures related to information and physical security are up-to-date and follow any new or revised regulations. These policies and procedures are frequently reviewed to maintain compliance with HIPAA rules and regulations.
For the ultimate dental software, choose the solution that’s scalable for growing dental start-ups or large DSOs and still affordable for small mobile providers and single-office dental practices. Choose CareStack!
CareStack clients are considered Covered Entities because they hold first-hand Patient information, including treatment info, appointments, addresses, and contact details, and electronically transmit health information in connection with transactions.
CareStack itself is considered a "business associate," since we perform functions or activities on behalf of a covered entity and can access patient data.
The HIPAA Privacy Rule protects individuals' medical records and sets limits on the use and disclosure of personal health information without patient authorization. Patients may also examine and obtain copies of their health records, and request corrections.
The HIPAA Security Rule sets standards to protect electronic health info by requiring safeguards to ensure its confidentiality and security.
Only necessary CareStack personnel can access relevant databases, web portal data, backups, and data extracts of any form.
CareStack team's activities are recorded automatically by built-in software on their workstation machines. Privacy of the team members will be protected; logs are available in case of an incident.
If practices encounter discrepancies, report to the Security Officer by sending an email to firstname.lastname@example.org. (Please note: it is the practice’s duty to report any discrepancy.)
CareStack team will update the HIPAA compliance rules as and when needed, based on new laws enacted/technological advancements.
Report to the Security Officer if you see any discrepancies. Send an email to email@example.com describing the issue and context.
If you want to send the e-PHI data, then always encrypt and send.
The password should be shared in a separate email.
If you are sending/uploading images, then blur the PHI information.
Always secure your laptop/desktop, especially if it contains e-PHI data.
If you need to print information that contains PHI data, make sure to keep it secure or shred it after use.
Always remember to keep PHI data on your desktop/laptop to an absolute minimum. Use the secure DataStores which are held in CareStack Office/Azure VM/Azure SQL.
CareStack's all-in-one platform contains many additional related features, including: