Frequently Asked HIPAA Questions

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. The purpose of HIPAA is to ensure the privacy and security of patient protected health information (PHI). The HIPAA regulation consists of three main rules: the HIPAA Privacy, Security, and Breach Notification Rules.

Each of these Rules has a specific purpose and requires organizations to implement policies and procedures to ensure adherence.

  • HIPAA Privacy Rule: dictates the proper uses and disclosures of PHI
  • HIPAA Security Rule: requires organizations to implement measures to ensure the confidentiality, integrity, and availability of PHI
  • HIPAA Breach Notification Rule: requires organizations to report breaches that affect PHI

What is the HIPAA Security Rule?

The HIPAA Security Rule requires that we implement safeguards to keep protected health information (PHI) secure. To meet our security requirements, we implement administrative, technical, and physical safeguards. Some of these measures include encryption, user authentication, access controls, audit trails, data backup, and disaster recovery.

Do You Sign BAAs?

Yes, we are HIPAA compliant and will sign a Business Associate Agreement, which requires us to use specific safeguards to protect your data.

You can email your signed BAA to us at hipaa@chooselifemarketing.com. We will review it, and assuming everything looks good, we will sign it and replace the BAA on file for your account.

It is important to note that, while we are HIPAA compliant, you are responsible for your own HIPAA compliance program and how you use it. Learn more about Business Associate Agreements. If you need help with becoming HIPAA compliant, please contact Compliancy Group at HIPAA@compliancygroup.com.

Why Do I Need a BAA?

Without a signed Business Associate Agreement (BAA), our service cannot be used in compliance with HIPAA. This is because, as a HIPAA Business Associate contracted by your organization, we have the potential to access protected health information (PHI). HIPAA requires us to have a signed BAA in place with you before you can use our service.

What is the HIPAA Seal of Compliance?

There is no official certification of HIPAA compliance, but we partnered with a third-party company to ensure we are doing everything right and, after completing their program, received their Seal as proof of our good faith effort. The Seal of Compliance verifies and validates our efforts to comply with HIPAA.

You can click "verify our compliance" or click on the HIPAA Seal of Compliance in the footer of this website.

Do We Conduct a Security Risk Assessment?

Yes, as a Business Associate, we are required to conduct an annual security risk assessment (SRA) as part of our HIPAA compliance. SRAs identify deficiencies in security practices, allowing us to implement measures to improve our security and prevent breaches. Learn about Security Risk Assessments.

Does Our Website Protect Patient Health Information (PHI)?

Our website protects patient health information (PHI) in a secure and private manner (including any PII that is collected, such as names, addresses, and phone numbers) in the following ways:

  • The website is hosted under Choose Life Marketing, which has completed Compliancy Group’s Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH
  • We partner with a company that will sign a Business Associate Agreement, which requires them to use specific safeguards to protect data. This website is hosted by Choose Life Marketing, which will sign a BAA
  • We partner with a company with a firewall on its server
  • We use HIPAA-compliant analytics platforms by using server-side Google Tag Manager
  • We use an SSL certificate on our website. The SSL certificate creates an encrypted link between a web server and a web browser and ensures all the information remains confidential. It encrypts internet traffic and verifies the server identity
  • We use only encrypted and secure forms on our website
  • We encrypt data at rest through form encryption, so if the database is extracted, it will not be readable
  • We ensure data from this website is backed up through the hosting company Choose Life Marketing
  • We limit access to the website to only authorized individuals. We ensure that PHI is only accessible to users authorized by our organization and our hosting company’s staff
  • New users receive an initial strong password generated on the website
  • We only send emails containing PHI through encrypted email servers. Emails sent by our website do not include PHI. Our email is encrypted using TLS
