The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) governs many aspects of health care delivery. Of concern to Viva and its Clients are two elements of HIPAA, the “Privacy Rule” and the “Security Rule.”

The HIPAA Privacy Rule regulates the use and disclosure of Protected Health Information (“PHI”) held by a covered entity (Viva’s Client). PHI is any information held by a covered entity which concerns health status, provision of health care, or payment of health care that can be linked to an individual. PHI is interpreted broadly, and includes everything in a patient’s medical record or payment history – including their name and address.

The Security Rule complements the Privacy Rule related to PHI, and relates solely to Electronic Protected Health Information (“EPHI”). The Security Rule requires that a recipient of EPHI must have three types of security safeguards in place: (1) administrative, (2) physical; and (3) technical.

Viva’s Clients are allowed to share their PHI with Viva, because Viva is a Business Associate. Part of the Viva new Client package is a Business Associate Agreement.

As a Business Associate, Viva protects your patient’s PHI. This protection is overseen by Viva’s in-house attorney, who also serves as Viva’s HIPAA Privacy and Security Official. Questions about Viva’s HIPAA program can be sent by email directly to our Privacy and Security Official.Legal Contact

Viva maintains a Security Manual, conducts regular Risk Assessments, and maintains a HIPAA Training Program and Sanctions Policy. Technical Elements of Viva’s HIPAA program is overseen by our IT Department. These technical efforts include encryption of PHI and password protecting access to PHI.