Here's some basic information that might help you get a better understanding of what HIPAA is—and how it affects your direct mail.
HIPAA stands for the Health Insurance Portability and Accountability Act. Title 1 of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title 2 of HIPAA requires national standards for electronic health care transactions and includes the HIPAA Privacy Rule, which went into effect in 2003. The Privacy Rule regulates the use and disclosure of Protected Health Information (PHI). PHI is any information held by a “covered entity” which concerns health status, provision of health care or payment for health care that can be linked to an individual. A covered entity includes medical service providers, health insurers, employer health plans and healthcare clearinghouses.
A healthcare provider can use a PHI-derived mailing list to send communications about its products or services. This means a healthcare provider can use its patient list to announce a new piece of equipment or service. Wellness programs generally do not fall under the HIPAA guidelines. For example, it's okay for a healthcare provider to send a flyer about its new weight loss program to all clients defined as obese, even if the treatment they received was not for obesity.
Design Distributors has completed a rigorous audit of our data security and general plan. As a result, we are now considered to be “HIPAA compliant.” This is an ongoing process and, as such, our company must continually improve and update our security. There's no such classification as “HIPAA certified.” Design Distributors has the security processes in place to handle data from organizations that maintain Protected Health Information (PHI). We used the ISO 27001 standards as the framework for creating our data management system.
Design Distributors is a secure facility. We have passed the rigorous audit process to become HIPAA compliant. This should give you the peace of mind that your data is safe. Our HIPAA compliance raises the bar on our data security and is in place for all of our clients, even those who do not fall under HIPAA guidelines but are concerned about their data.