PortlandLabs is proud to announce that Concrete CMS Hosting can now store and process Health Care information in accordance with the U.S. Health Insurance Portability and Accountability Act (HIPAA).
In other words, Concrete CMS Hosting is compliant with the HIPAA Security Rule (storage of health care data) and HITECH (transmission of health care data). The HIPAA Security Rule demands that safeguards be implemented to ensure the confidentiality, integrity, and availability of PHI.
This means that websites and intranets using Concrete CMS Hosting can now have health care related form fields on their webpages and can now upload forms containing health care information.
Even better, all data stored and transmitted by your website or intranet residing in Concrete CMS Hosting is protected to HIPAA standards. Even if your website or intranet does not collect Protected Health Care Information (PHI), your customer and/or company data is protected as if it were PHI!
Does your company operate outside of the US or have customers who come from outside the US? Foreign health care regulations, such as PIPEDA in Canada, are broader than the US HIPAA and HITECH. Concrete CMS Hosting is compliant with these regulations too! Information uploaded directly by individuals is included in these foreign regulations. Every airline, cruise line and travel agency asking about allergies and pregnancy status is collecting health care information! Every summer camp and school needing to ask about diabetic insulin requirements and special needs is collecting health care information! HR departments collecting disability information for recruiting or tax credits are collecting health care information. Etc., etc.
Users of Concrete CMS Hosting who are collecting PHI in the U.S. or who plan to do so should contact either their PortlandLabs account rep or security@concretecms.com so that we can enter into a “Business Associate Agreement” (BAA). This is a fancy name for a document we both sign outlining what we each have to do in order to protect the health care information you are collecting on your customers.
Your organization will still be responsible for following the HIPAA and HITECH rules when you pull the health information out of your website into your own storage systems. You are also responsible for following the HIPAA Privacy Rule. The HIPAA Privacy Rule places limits on the uses and disclosures of PHI.
Concrete CMS Hosting commits to store your site’s health care information safely and will protect your data both when collecting it and when sending it to you. We will never share your data with anyone without your express written permission unless required by law.
You can request copies of any of our compliance documentation such as our HIPAA report, SOC 2 Type 2 (Security & Availability) report, or our ISO 27001 certificate if you are a Concrete CMS Hosting customer. Ditto if you are interested in hosting your website or intranet with the founders and maintainers of Concrete CMS! Try out our free demo!