We take privacy and security very seriously at Curio and have implemented the following measures to ensure that patient-sensitive data is protected when using any of our applications.
Protected Health Information, or PHI, is the formal term for data that can be used to reveal a patient’s identity. Under the HIPAA Privacy Rule, information that relates to the following is protected:
The context of such information is important for determining whether it is considered PHI. If names, addresses, or phone numbers were reported individually (such as in a phone directory), they would not be considered PHI, as they are not associated with health data. However, the same information associated with health documentation would be classified as PHI.
To provide the level of quality output patients and healthcare workers require, we need to use and sometimes save patient data. However, this should not come at the cost of a loss of control. Wherever we need to use an individual’s data for our products, we ask for permission, and we utilize the minimum required to deliver the task.
As a company that provides software to covered entities (health delivery organizations, health plans, research organizations, etc.), we take HIPAA compliance seriously.
Whenever possible, we design our software so that it does not require integration with PHI data stores (EHRs, for example). In these situations, we collect only minimal data and keep identifiable information separate from the individuals it concerns. When integration is required or desired, we ensure proper compliance with HIPAA and the Omnibus Rule.
We will sign a Business Associate Agreement (BAA) for organizations allowing access to PHI via integration of our software.
Like all other software companies, we use services provided by other software companies. A typical example is the use of cloud services. For contracts that involve PHI, we only utilize third-party services from organizations with whom we have signed a BAA (see above).