HIPAA Security Compliance for Live Chat
Here is what you receive from Promptchat as a HIPAA chat server customer:
Hosted by Amazon Web Services (AWS):
- A dedicated live chat server running on a dedicated IP address on AWS (See Amazon’s HIPAA compliance statement https://aws.amazon.com/compliance/hipaa-compliance/ )
- Exclusively used by your company (not shared by other customers)
- Access to the chat server’s databases is limited to one of our HIPAA trained technicians (no server database access credentials are provided to client)
- Web based customer management console for your system admin (chat server is limited to 200 accounts, domains and live chat operators)
- Live chat Software client for Windows Operating Systems (2 level hierarchy – User/Admin)
- Optional Web based chat client and Android, iOS Mobile Apps
- 2 hour remote desktop training session included in pricing
- Free Email/Ticketing/Live Chat support for the duration of the contract
The paperwork which needs to be signed between us and you:
- BAA Agreement (HIPAA Business Associate Agreement)
- NDA Agreement (HIPAA Non-Disclosure Agreement)
- If any subcontractors are involved, then a Subcontractor Agreement
- Provide us with proof of your firm’s HIPAA training certificate
- Setup Service; $1,000 one off fee
- Monthly hosting of the chat server; $100 recurring monthly fee (includes 200 live chat accounts)
- Optional Web based chat client and Android/iOS mobile apps per pricing on http://support.fliber.com
What to do next:
- Contact us for a live remote desktop software demo and discussion
- Order the HIPAA chat server Setup Service
- Sign relevant Agreements
- Create a subdomain such as chat.yourcompany.com and point it to the IP address provided in your order confirmation
- Purchase an SSL certificate for the subdomain where your chat server is hosted (chat.yourcompany.com) and send it to us together with the SSL key (Promptchat, via its partner, can provide an SSL certificate upon request)
Promptchat’s HIPAA compliant live chat software option
The Health Insurance Portability and Accountability Act (HIPAA) sets out guidelines that must be followed by anyone who handles electronic medical data. Promptchat offers self-hosted chat servers which you can plug in to your existing hosting environment so your medical data never goes through the Promptchat servers. In addition, we can offer the HIPAA package, an optional add-on to any chat server purchase, allowing your live chat communication to become fully HIPAA compliant.
There are 5 standards listed under the Technical Safeguards section.
- Access Control
- Audit Controls
- Integrity
- Person or Entity Authentication
- Transmission Security
When you break down the 5 standards there are 9 things that you need to implement.
Access Control – Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity.
Access Control – Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency.
Access Control – Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
Access Control – Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.
Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
Integrity – Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
Person or Entity Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
Transmission Security – Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
Transmission Security – Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate.
This article is not a definitive list of what is required for HIPAA compliance; you should assign a Privacy Officer to review each rule in its entirety. This article is intended to point you in the right direction.
Promptchat’s HIPAA compliant live chat server option is available from July 2015 and meets the Privacy and Security requirements laid out in the most recent HIPAA rules.