PHI SECURITY

The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) established a set of national standards for Protected Health Information (PHI). The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act (HIPAA). The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties. BPCI Tracker is committed to our clients’ security of information by establishing unique identification and access for each patient and healthcare provider (user). Our innovative tracking system avoids PHI as part of its monitoring process.

The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI). Enforcement Results (link).

Benefits of the Bundled Payments for Care Improvement (BPCI) initiative require “multiple services beneficiaries” to coordinate and share protected health information.  Traditional “in-house” patient tracking systems often do not meet security standards, increasing opportunity for privacy rule violation. The coordination of multiple participant tracking requirements is greater protected by BPCI Tracker’s consolidated system. Our system is designed to monitor and report patients’ health status to multiple healthcare participants, using a consolidated and easy to use platform.

BPCI Awardee Participant Groups:

    • Acute Care Hospitals
    • Physician Group Practices
    • Home Health Agencies
    • Inpatient Rehabilitation Facilities
    • Long-Term Care Hospitals
    • Skilled Nursing Facilities

BPCITracker.com is hosted with a HIPAA compliant data center. Please contact admin@bpcitracker.com for Business Associate Agreement (BAA) and/or further information on technical controls, backup management, safeguards and physical security policies in place, to verify that BPCITracker.com data is secured to industry standards.

BPCITracker is not able to verify if a site user is meeting their obligations under the laws applicable to HIPAA and privacy rule, and it remains our users’ obligation to understand the laws applicable to their use of the services and information provided to meet those obligations. It is the expectation that users implement necessary security measures to protect the sensitive healthcare information they work with.

For further information, please read BPCItracker’s terms & conditions.