Many Governments are responsible for the handling and protection of Protected Health Information (PHI) as part of their online services and SeamlessDocs is now able to be a partner with your organization if HIPAA compliance is needed in those processes.
Our compliance with HIPAA has now been independently verified after completing the curriculum set forth by Accountable, a third-party HIPAA compliance management platform. Accountable's five step compliance process involves completion of an annual security risk assessment, HIPAA training for employees, adoption of privacy and security policies, assignment of a designated privacy officer, and execution of all required business associate agreements. To see the record of our compliant status you can visit a landing page designed specifically for us verifying our completion of the certification.
It’s extremely important to note that as part of this certification we now offer you all of the tools in order for you to use our software to manage Protected Health Information however it is the responsibility of your organization to take several steps before you can start receiving that data on each form.
You will first need to sign a Business Associate Agreement (BAA) with us stating your intent to use our platform to receive and store PHI in a HIPAA compliant manner. Anyone who wishes to enter into a BAA with us can reach out to our support team, your Account Manager or the sales representative you are working with, to get that process started.
Then after you have entered into a BAA with us there are settings that must be considered on your forms to ensure that you are requesting and handling the data correctly:
1. You will want to make sure no Protected Health Information is being shared through email notifications. If you think any data could include PHI then you will need to:
-Turning off ‘Include Submission Data’ in your Email Notifications
-Turning off ‘Include PDF as attachment’ in Email Notifications
-Ensuring you are not mapping field data to the subject line of your emails.
-If you are asking users to upload attachments that could potentially have PHI then also make sure to turn off ‘Include Link to PDF’ as this will also include links to any attachments uploaded.
-If your form has multiple signers, ensure that the email notification settings are also set up properly for each signer by going into Signers --> Manage Signers and looking at the settings under each signer
Please refer to our Knowledge Base article on Email Notifications as to how you can update these settings.
2. Do not expose any PHI publicly using our Public Record Portal feature.
3. Do not Disable Form Storage in your General form settings:
As mentioned before, we can only provide you the tools necessary to be compliant but it is the responsibility of each organization to ensure that all forms that could be collecting PHI conform to the settings and steps above.