Confidential Patient Information and HIPAA

How does Simana deal with patient identifiable data?

For customers in the healthcare sector, security of the health information of patients is a principal concern.

Confidential Patient Information is information that both identifies the patient, and includes some information about their medical condition or treatment. In the United States, it is generally referred to as Protected Health Information (PHI).

If data contains information about medical treatments or conditions along with demographic data that could identify the patient, this is confidential patient information.

Simana is not designed to accept or store confidential patient information, and as such it should not be entered. The datasets used in improvement work are generally aggregated from a population so there is no requirement to add information about individual patients.

Our User Terms of Use (agreed to by all users of the system) prohibit the entry of confidential patient information into Simana.

 

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US federal legislation that provides data privacy and security provisions for safeguarding medical information. HIPAA includes provisions to protect the security and privacy of protected health information (PHI). PHI includes a very wide set of personally identifiable health and health-related data, including insurance and billing information, diagnosis data, clinical care data, and lab results such as images and test results.

HIPAA was expanded in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI.

 

Is Simana HIPAA compliant?

Simana is not HIPAA compliant, but it doesn't need to be, because no patient identifiable data are required to be entered into Simana.

That said, we take security extremely seriously and there is a robust security setup in place. We use Amazon Web Services as our hosting partner. Further details of the compliance programs in place can be found here: AWS compliance.

You can read more about our own security policies and procedures HERE