Yes! ChiroUp developed the digital survey functionality with HIPAA compliance in mind. HIPAA permits the use of electronic communication methods to communicate with patients as long as reasonable safeguards are implemented when doing so.
HIPAA requires covered entities and business associates to:
- Ensure the confidentiality, integrity, and availability of all ePHI that is created, received, maintained, or transmitted
- Identify and protect against threats to ePHI security or integrity
- Protect against impermissible uses or disclosures
- Ensure employee compliance
ChiroUp maintains appropriate administrative, physical, and technical safeguards to provide for the continuing security of your patient's ePHI. Below explains the technical controls ChiroUp has implemented to safeguard ePHI in relation to the digital survey functionality.
How a digital survey is transmitted to a patient via email and SMS:
1a) A user selects email as the digital survey delivery method. The email is encrypted in transit via Transport Layer Security (TLS). TLS encryption protects email communications from being read, copied, or altered by attackers in transit.
1b) A user selects text message (SMS) as the digital survey delivery method.
2) The patient receives an email or text message with a unique HTTPS URL. HTTPS adds an encrypted layer of protection, applying TLS to your browser's communications with the website, which ultimately hides the information being sent back and forth. The unique HTTPS URL brings the patient to a verification-code-protected page. (Learn more here)
3) The patient is prompted to select whether they want a verification code sent to their email or mobile number. The verification code adds an extra layer of authentication.
4) The patient enters the 5-digit verification code they received via SMS or email.
5) If the verification code matches the one sent, the patient will have access to complete and submit the digital survey.
6) After the patient submits the digital survey, the URL permanently expires.
7) The patient's digital survey responses are encrypted with TLS at the user's computer, then transferred and stored securely in the patient's record within ChiroUp. The patient's survey responses and other PHI are encrypted at rest.
*Note: The responses will not be saved if the patient does not submit the survey - meaning that if the patient reaccesses the secure URL, they will have to restart the digital survey.
*Note: If the digital survey is not submitted within 7 days of delivery, the unique URL will no longer be accessible.
How a digital survey is accessed via a kiosk:
Pairing the kiosk:
1) A user pairs a kiosk device by navigating to the Kiosks tab within their password-protected ChiroUp account.
2) Within the Kiosk tab, the user will be provided a secure HTTPS URL that they must navigate to on their kiosk to begin the pairing process. The URL will bring the user to a page they will generate a 5-digit pairing code.
3) The user must enter the 5-digit pairing code generated on the kiosk in their ChiroUp account.
4) If the pairing code entered in ChiroUp matches the pairing code generated on the kiosk, the kiosk will successfully pair with the user's ChiroUp account. The kiosk will then appear in a log within ChiroUp, and users will have the ability to disconnect paired kiosks.
5) Once a kiosk is successfully paired, it will have access to the ChiroUp kiosk website and its functionality.
*Note: Kiosk pairing codes expire within 5 minutes of generating them.
*Note: A kiosk can only be added to a ChiroUp account if a user has access to the account.
Using the kiosk:
1) A patient can access incomplete surveys on the clinic's kiosk by "logging in" on the secure ChiroUp kiosk website with their mobile number. The kiosk website is an HTTPS URL. HTTPS adds an encrypted layer of protection, applying TLS to your browser's communications with the website, which ultimately hides the information being sent back and forth.
2) If the mobile number entered matches the mobile number within the patient's record, the patient will have access to complete their outstanding surveys on the kiosk. The patient has 5-minutes to complete their surveys before the screen times out
3) The patient's digital survey responses are encrypted with TLS at the kiosk, then transferred and stored securely in the patient's record within ChiroUp. The patient's survey responses and other PHI are encrypted at rest.
*Note: You can only access the secure kiosk login page if you have connected your kiosk to your ChiroUp account.
*Note: A kiosk is intended to be used in-clinic with staff supervision.
*Note: A patient must have their mobile number stored in their patient record to use the kiosk functionality. It is your responsibility to ensure that patient contact information is accurately entered.