The HIPAA Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) by medical service providers, among others. Like many user-operated online services, our platform gives you the tools for uploading, gathering and publishing information, and such tools can be used in both compliant and non-compliant ways. Healthcare providers should adopt practices that do not compromise their obligations with respect to PHI under HIPAA.

Many uses of our platform do not involve disclosure or use of “protected health information” (PHI), defined as personally identifiable information about a patient’s health. Patients who willingly write reviews for public consumption, either on our platform or via third-party review publishers such as Google and Facebook, agree to make that information public or license it with an attribution that they themselves define.

In cases where PHI may come into play, reasonable safeguards are taken, such as encrypting sensitive information and making it available to you only under gated, password-protected access through an encrypted connection, consistent with HIPAA and other privacy regulations. We can further provide our standard “business associate agreement” (BAA) to covered entities.
Of course, since users have extensive freedom to use our tools as they wish, including providing others access to their accounts, users are ultimately responsible for maintaining good security policies and upholding the patient privacy mandate.