Many uses of our platform do not involve disclosure or use of “protected health information” (PHI), defined as personally-identifiable information about a patient’s health. Patients who willingly write reviews for public consumption, either on our platform or via third-party review publishers such as Google and Facebook, agree to make that information public or license it with an attribution that they themselves define.
In cases where PHI may come into play, reasonable safeguards are taken such as encrypting sensitive information and making it available to you only under gated, password-protected access through an encrypted connection, consistent with HIPAA and other privacy regulations. We can further provide our standard “business associate agreement” (BAA) to covered entities.
Of course, since users have extensive freedom to use our tools as they wish–including providing others access to their accounts–users are ultimately responsible for maintaining good security policies and the patient privacy mandate.