Learn

The latest research, insight, and learnings in supportive cancer care.

How Do We Protect Health Information?

We take privacy and security very seriously at Curio and have implemented the following measures to ensure that patient-sensitive data is protected when using any of our applications.

What is Protected Health Information?

Protected Health Information, or PHI, is the formal term for data that can be used to reveal a patient’s identity. Under the HIPAA Privacy Rule, information that relates to the following is protected:

  • the individual’s past, present, or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Protected health information includes many common identifiers (e.g., name, address, birth date, Social Security Number) when they can be associated with the health information listed above.

The context of such information is important for determining whether it is considered PHI. If names, addresses, or phone numbers were reported on their own (such as in a phone directory), they would not be considered PHI, as they are not associated with health data. However, similar information associated with health documentation would be classified as PHI.

Patient Empowerment Means Asking for Patient Permission

To provide the level of quality output patients and healthcare workers require, we need to use and sometimes save patient data. However, this should not come at the cost of loss of control. Wherever we need to use an individual’s data for our products, we ask for permission, and we utilize the minimum required for delivery of the task.

HIPAA Compliance

As a company that provides software to covered entities (health delivery organizations, health plans, research organizations, etc.), we take HIPAA compliance seriously.

Whenever possible, we design our software so that it does not require integration with PHI data stores (EHRs, for example). In these situations, we collect only minimal data to separate identifiable information from individuals. When implementation is required or desired, we ensure proper compliance with HIPAA and the Omnibus rule.

We will sign a Business Associate Agreement (BAA) with organizations that allow access to PHI via integration of our software.

Third-Party Services

Like all other software companies, we use services provided by other software companies. A typical example is the use of cloud services. For contracts that involve PHI, we only utilize third-party services from organizations with whom we have signed a BAA (see above).
