Healthcare associations and providers are particularly in the hot seat when evaluating board portal software, as they must apply extra scrutiny in assessing the information privacy and security of potential software partners.
Consider that over the course of a health Board’s operations, directors may have access to anecdotal mention of patients in a board book, see details of an individual’s medical claim, and discuss employee health benefits. Regulations to protect such personal records have intensified especially in United States with data compliance around individuals’ ePHI (electronic Protected Health Information) and HIPAA, which stands for Health Insurance Portability and Accountability Act. Canada’s federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), is comparable in many ways to HIPAA in the United States.
When assessing software to manage board information, health boards of directors must keep data security and compliance top of mind. Aprio serves many health organizations across North America and the Aprio board portal solution meets the requirements US health organizations are seeking to achieve and maintain HIPPA compliance. HIPAA aims to reduce healthcare fraud and abuse and also defines the standard that Business Associates like software providers must follow when dealing with ePHI.
What’s involved in HIPAA compliance?
HIPAA compliance is comprehensive and extends beyond technical standards. Particularly related to software vendors is how HIPAA deals with ePHI around three core areas of compliance:
- Privacy rule – protection of individually identifiable health information.
- Security rule – protection of the confidentiality, integrity, and availability of electronic protected health information.
- Breach notification rule – provision of notification following a breach of unsecured protected health information.
Complying with these rules, the Aprio board portal solution provides layers of advanced security starting at our Microsoft HIPAA compliant servers and providing comprehensive data protection for board information at storage, in transit and as it is accessed by board members. View a high level IT audit of our software.
Aprio’s commitment to health providers
Working with any of our customers in highly regulated industries, Aprio is familiar with demonstrating compliance and maintaining certification to earn a reputation of trust.
For US health clients, we are glad to engage in a HIPAA compliant “Business Associate Agreement” that outlines our responsibilities around ePHI relating to Aprio software.
Extensive data protection serves all
Aprio serves a large population of organizations beyond health including education, finance, government, not-for-profit organizations and public companies. What is the value of HIPPA compliance to non-health sectors? Simply put, as the rigor of our data security consistently increases for any sector, all the organizations that we serve benefit.
Since we were founded, our mission has been to make good governance simple and affordable for organizations across sectors and of any size. Data security is one of the measures we constantly evaluate to ensure our customers are well served, alongside ease-of-use, value and providing the industry’s highest level of support for users.
For more information about Aprio’s HIPAA compliant product, please contact info@aprio.net.
Recommended read for Canadian health organizations: Canada Health Information Privacy vs US HIPAA
