Free Trial & Demo

Use Fluency Now free for 15 days! Download the trial & watch our video tutorials, or request a demo.

Free Trial    Free Demo

Fluency HIPAA and HITECH Overview

Fluency enables entities and their associates to leverage the secure Fluency environment to process, maintain, and store protected information. Fluency is able to support the HIPAA and HITECH regulations, as well as the ability to sign HIPAA Business Associate Agreements (BAAs) with customers. Fluency works hard to maintain our ongoing investment in enterprise security, compliancy and control for our customers.

What is HIPAA, HITECH Act and the Final HIPAA Omnibus rule?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is a federal mandate that requires specific security and privacy protections for Protected Health Information (PHI). More information around HIPAA can be found here: http://www.hhs.gov/ocr/privacy/index.html

HIPAA was expanded by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was signed into law in 2009. HITECH was implemented to promote the adoption and meaningful use of health information technology in the U.S.

In 2013, the final HIPAA Omnibus rule set further statutory requirements, which greatly enhanced a patient’s privacy rights and protections, including holding all custodians of Protected Health Information (PHI) — including HIPAA Business Associates (BA) — subject to the same security and privacy rules as Covered Entities under HIPAA.

How does Fluency facilitate HIPAA compliance for its customers?

The Fluency environment meets the obligations required by HIPAA, HITECH, and the final HIPAA Omnibus ruling.

Fluency has a standard BAA we present to customers for signature. A signed BAA should be in place prior to storing any Protected Health Information (PHI) in the Fluency environment.

Customers are also responsible for enforcing policies in their organizations to meet HIPAA compliance.

Is Fluency HIPAA-Certified?

There are no official government or industry certifications for HIPAA compliance. In order to support HIPAA compliance, Fluency has reviewed the HIPAA regulations and updated its product, policies and procedures to support customers around their need to be HIPAA compliant.

How does Fluency support HIPAA compliance within its product and platform?

In addition to being able to sign HIPAA Business Associate Agreements (BAAs), Fluency has the following features in its product as well as organizational policies:

  • Data encryption in transit and at rest
  • Restricted physical access to servers
  • Strict logical system access controls
  • Configurable administrative controls available to the customer to:
  • Grant explicit authorization to customer files to read, download, edit, lock and password protect files
  • Reporting and audit trail of account activities on both users and content
  • Training of employees on security policies and controls
  • Employee access to customer data files are highly restricted
  • Greater than 99.5% uptime SLA

What types of customer and administrator controls does Fluency have that are relevant to HIPAA requirements?

  • Controls to provide reasonable assurance that only authorized individuals from the user entity are granted the ability to access, modify, and delete information from the application.
  • Controls to provide reasonable assurance that the user entity’s method for accessing the application is configured with proper logical security protocols.
  • Controls to provide reasonable assurance that the confidentiality of the user entity’s sensitive information is not compromised by its users.
  • Controls to provide reasonable assurance for defining and granting access to users permitted by the user entity.