The security of your students' data is a #1 priority for SLP Now.
We leverage a secure environment to process, maintain, and store protected health information. The SLP Now team also has precautions in place to ensure that PHI is protected and secure.
Privacy Compliance Q&A
[1] What is HIPAA?
HIPAA includes provisions to protect the security and privacy of protected health information (PHI). PHI includes a very wide set of personally identifiable health and health-related data, including insurance and billing information, diagnosis data, clinical care data, and lab results such as images and test results. The HIPAA rules apply to covered entities, which include hospitals, medical services providers, employer sponsored health plans, research facilities, and insurance companies that deal directly with patients and patient data. The HIPAA requirement to protect PHI also extends to business associates.
Health Information Technology for Economic and Clinical Health Act (HITECH) expanded the HIPAA rules in 2009. HIPAA and HITECH together establish a set of federal standards intended to protect the security and privacy of PHI. These provisions are included in what are known as the "Administrative Simplification" rules. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.
[2] Why does HIPAA matter?
We understand that as a provider, you are subject to the rules and regulations of HIPAA. To help you protect your data, we host our program on a HIPAA compliant cloud-based server. Our cloud-based server provider aligns their HIPAA risk management program with FedRAMP and NIST 800-53, which are higher security standards that map to the HIPAA Security Rule. For information on how NIST 800-53 aligns to the HIPAA Security Rule, please see the following guidance document: http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf.
[3] What is a Business Associate?
A Business Associate is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information.
[4] What is a Business Associate Agreement?
A Business Associate Agreement (BAA) is a contract between a Business Associate (SLP Now®) and a Covered Entity (you) that outlines the relationship between the parties as it pertains to the protection of PHI. To help you fulfill your obligations as a covered entity under HIPAA, we have incorporated a standard form Business Associate Agreement into the terms and conditions you accept when using SLP Now®.
[5] Do I need to sign a Business Associate Agreement (BAA) directly with the cloud-based server provider?
No, you may wish to sign a BAA with SLP Now® when you sign up for services, but you are not required to sign a BAA directly with our cloud-based server provider.
For FAQs regarding FERPA and cloud-based solutions, please see the following guidance from the Department of Education: https://studentprivacy.ed.gov/sites/default/files/resource_document/file/FAQ_Cloud_Computing_0.pdf