How is DocbookMD HIPAA-Compliant?
For a mobile app to claim it is HIPAA-secure, it must meet four major security criteria:
- Administrative safeguards: There must be a termination procedure where Protected Health Information (PHI) may be rapidly removed from the device or access to PHI is quickly terminated. DocbookMD has the ability to remotely shut down access to the app and any data containing PHI if loss or theft of a device is reported.
- Physical safeguards: Access to the device containing PHI must be limited. DocbookMD strongly encourages physicians to keep their devices safe and password protect their phones and tablets.
- Technical safeguards: PHI must be encrypted to the highest encryption standards available, and the encryption must be tested on an ongoing basis. DocbookMD uses 256-bit encryption for all PHI on the device, on the server, and during transmission.
- Redundancy: Any device that contains PHI must have a backup and recovery procedure. DocbookMD has data backup procedures and a disaster recovery plan in the event of loss of a device or of PHI. Our servers also have these systems and emergency recovery procedures in place.
DocbookMD is available free to medical society members, who are almost exclusively physicians. Physician assistants are allowed access to the app in regions where they are also allowed membership in a medical society. Medical societies ensure proper licensure of their members, including the National Provider Identifier (NPI). All users of the app must sign our HIPAA business agreement and are covered entities under HIPAA regulations. As covered entities, users of the app must abide by all of the rules of HIPAA and HITECH, including both the privacy and security rules.
View the full HIPAA business agreement here.