HIPAA Compliance
The most commonly asked question is: "How does NPAR address HIPAA issues?"
HIPAA expressly permits the sharing of patient medical records for treatment purposes,
subject to patient consent and appropriate safeguards.
NPAR™ is designed to be fully HIPAA-compliant.
Patient Consent
Existing patient consent forms generally cover exchanges of patient records
for treatment purposes.
NPAR provides a sample release form for our client facilities to examine.
NPAR also incorporates an opt-out feature that blocks the records of patients who
decline to execute a release form.
Legal Assurances
NPAR enters into a Business Associate Agreement with each client facility.
Among other obligations, NPAR will:
- Use appropriate safeguards to prevent unauthorized use or disclosure of
Protected Health Information ("PHI"),
- Implement appropriate administrative, physical, and technical safeguards
to protect the confidentiality, integrity, and availability of PHI,
- Report any inappropriate use or disclosure of PHI
to our client facilities,
- Allow our client facilities to view the data they provided to NPAR,
- Allow our client facilities to examine our policies, procedures, and
records pertaining to Protected Health Information.
As part of the NPAR subscription agreement, each client facility agrees to
use the data in NPAR for treatment purposes only. There is a reminder to
that effect on the user login screen.
IT Security
NPAR provides multiple levels of IT security,
to help preclude inadvertent exposure of PHI and to detect inappropriate usage:
- Passwords are required in order to access patient data,
- Secure network connections are used for all data transfers,
- NPAR's Upload Manager hashes and encrypts SSNs before they are sent to the NPAR server,
- NPAR logs all user activity, and
- NPAR servers are located in a hardened facility with redundant power,
network connections, and HVAC, with a 24/7 staff that can address any
hardware failure in under one hour.