HIPAA Compliance Information

VRI Direct is a HIPAA-compliant VRI platform that follows best practices in the storage and accessibility of protected health information (PHI) both at rest and in motion.  The following is a description of what HIPAA requires, how it relates to VRI Direct, and what VRI Direct does to maintain HIPAA compliance.

HIPAA Privacy Rule
The Privacy Rule endeavors to protect individuals' health information by preventing the transmission of PHI over open networks or downloading it to public or remote computers without encryption.  This rule is often referenced in conjunction with the term data in motion (data that is transmitted across a network, for example).

Because VRI Direct does not ask for any protected health information, nor does VRI Direct record or store audio, video or text chat streams, the risk of transmitting protected health information is low; however, VRI Direct understands the importance of maintaining HIPAA-compliant practices regardless of data type, and has instituted the following measures:

HIPAA Security Rule
The Security Rule requires covered entities such as VRI Direct to implement administrative, physical and technical safeguards to protect electronic PHI. These safeguards include access controls, data encryption, and auditing in a manner that is commensurate with the associated risk.

Since VRI Direct does not directly ask for protected health information and does not record audio, video or text chat streams, VRI Direct's associated risk is low; however, VRI Direct remains sensitive to implementing practices that meet HIPAA requirements:

