Adaptive Telehealth

Streamline, Manage and Scale Your Business with a HIPAA-Compliant Telehealth Platform, Training, and Coaching Focused for Health & Wellness Professionals.

HIPAA Compliance HS

    Why Adaptive Telehealth?

    Telehealth offers greater flexibility for both the patient and provider.

    Since transporation is no longer an issue for patients:

    • Patients won’t have to leave work for an extended period of time or find childcare
    • Those that are anxious to seek mental help due to fear and stigma may find it easier to reach out via telehealth
    • Those with mobility issues or who may be ill will not have to leave the comfort of their home.

     

    Mental Health Providers can fill in no-show appointment blocks with telemental health visits.

    Build a customized solution to fit your needs.

    Guide us through your workflow and let Adaptive Telehealth’s experienced team provide you with ways to automate your telemental health workflows to reduce paperwork and optimize your entire program.

    — From clinical processes to business operations
    — All on a HIPAA Compliant Platform.

    Adapt

    Our digital solutions adapt to your needs to streamline and optimize your workflows. Choose from over 150 features and microservices to make your current platform work for you.

    Create

    Let us create a telemental health platform that meets your business and clinical needs. Do everything on one HIPAA-compliant workspace.

    Integrate

    Streamline your workflows. Seamlessly integrate telehealth into your EHR. Create treatment teams in a HIPAA-compliant environment. Click to discover the possibilites.

    We are Telemental Health experts providing telemental health consulting, telehealth training, and technical assistance services:

    Implement

    Let us show you how to implement a telebehavioral health program

    Review

    Let us review your existing program and offer insights on how to make it more efficient, reduce redundant paperwork, and adapt to your unique needs

    Technical Assistance

    Have telehealth/telemental health equipment or software and don’t know where to begin? We can help!

    Training

    We invite you to review our telehealth training courses or we can customize a course to meet your needs.

     

     

    Adaptive Telehealth Takes HIPAA Compliance Very Seriously

     

    There is a lot of confusion in the marketplace about HIPAA compliance and telehealth software. Technically speaking, the software cannot be HIPAA compliant because the software itself is not a “Covered Entity”. A covered entity is a person or an organization. When software states they are “HIPAA Compliant”, they are most often referencing their encryption of data and their willingness to sign a BAA.

    HIPAA compliance involves much more than encryption and a BAA. It is a comprehensive program of administrative, physical and technological controls (encryption is just one). These controls mentioned work together to protect the electronic Protected Health Information (PHI) under the Final HIPAA Omnibus Rule.

    Adaptive Telehealth goes beyond what many other software companies do to comply with HIPAA security. Adaptive Telehealth has been a leader in HIPAA compliance from its inception in 2013. The Adaptive Telehealth platform has passed extensive scrutiny from multiple state governments and healthcare organizations because of our administrative, physical and technical controls, privacy policies and security-minded corporate culture.

    The founder, Jay Ostrowski, developed the platform in response to the lack of truly HIPAA-secure software platforms and regularly provides HIPAA compliance training SAMHSA grantees, HRSA grantees, and Telehealth Resource Centers. Adaptive Telehealth maintains the following compliance measures by default. We also add security measures for enterprise clients upon request in order to meet the risk requirements of each enterprise client.

    Adaptive Telehealth servers are located in the United States in a SOC 2 Certified Data center that specializes in HIPAA compliance. Our servers are continuously monitored 24-7-365 by human security specialists and have multiple firewalls configured for added security. The servers are back-up daily to an offsite sister SOC2 certified data center. Data in all servers with PHI are encrypted in transit and at rest. Both server locations have redundant internet, and redundant power (diesel power generators with 30 day fuel reserves). Access to the physical servers requires several layers of security confirmation including, but not limited to biometric verification, fingerprint matching, and security codes.

    Here are some of Adaptive Telehealth’s security measures:

    Physical Security
    • Data Center Entry: Dual-factor authentication In order to enter the data center, a person must have:
      • Prior authorization from management
      • Be on the approval list
      • Have the approved access code
      • Two forms of personal identification; and
      • Their identity confirmed using the biometric fingerprint scanner.
    • Visitor logging and auditing – The entries in the logbook must directly match the video surveillance tapes. An independent audit confirms the match of visitor logs with the video archives.
    • Video surveillance – Video logs kept for 90 days.
    • Procedure Documentation – Documentation for the procedure to allow access by unannounced visit, phone call, or email.
    • Annually, the data center undergoes a HIPAA audit by a 3rd party entity. The data center has passed with a 100% compliance rating. Audits are performed using the OCR Audit Protocol.
    Administrative Safeguards
    • Business Associate Agreement signed
    • Required annual HIPAA staff training, assessment, and regular staff security reminders
    • Annual Risk Assessment conducted
    • Audits are performed using the OCR Audit Protocol.
    • Annual data center HIPAA audit by a 3rd party (passed with a 100% compliance rating).
    • Disaster preparedness and disaster response plans, contingency data access plans
    • Privacy Officer assigned security responsibilities
    • Policies and procedures for information access controls (minimal use policy)
    • Security incident procedures and Breach Notification Plan
    • Regular risk evaluation, risk mitigation plans, and monitoring processes
    • Business Associate Agreement with contracted users
    Data Security

    All 18 types of electronic Private Health Information (ePHI) are protected by several means including:

    • Access Control – Unique user identification, emergency access procedure,
    • Automated log out after 10 minutes of inactivity and screen blanked after 5 minutes of inactivity
    • Centralized logging; OS change management and patch management
    • IPS/IDS Protection
    • 256-bit encryption in-transit and integrity controls
    • Data encryption at rest
    • Data encryption in transit
    • Password requirement: 8 digits, symbol, upper case, lower case, and number (can be increased)
    • Antivirus and anti-malware updated regularly
    • OS patch and change management
    • Dedicated HIPAA-compliant Firewall
    • Web application firewall
    • Dual factor VPN for root access
    • Daily offsite file-level backup with 14-day retention with the same type and security protections
    • Back up data: Encryption at-rest and 256-bit encryption in-transit to a backup site

    Contact us if you need assistance with the provider side of HIPAA Compliance.

    Contact Us

     

    Zoom Video Calls Using Adaptive Telehealth’s Self-Hosted Service Are HIPAA-Compliant

    To make Zoom HIPAA-compliant, all Adaptive Telehealth Zoom video calls originate from the Adaptive Telehealth self-hosted version of Zoom when they originate from within Adaptive Telehealth.

    The Zoom security configuration is unique to Adaptive Telehealth

    Adaptive Telehealth worked with Zoom many years ago to modify the Zoom software on the Adaptive Telehealth HIPAA-compliant servers. We modified the receiving code at Zoom corporate office for the Adaptive Telehealth account. This is so that Zoom could still receive usage reports, but without also receiving electronic Protected Health Information (ePHI). With these modifications, no ePHI is sent to Zoom from Meeting Connector on Adaptive Telehealth servers. This took many months of development.

    Our verification of this security came through packet sniffing to trace internet transmissions. We also made patient support calls to Zoom asking for assistance. We were told that they cannot help us because they cannot view our identity (our desired result). Adaptive Telehealth patients are supported through Adaptive Telehealth directly or by the customer if they choose.

    Note that we do permit the sending of the IP and user identity of the provider to Zoom because this is not ePHI. These users can be supported by Zoom directly if they wish or through Adaptive Telehealth support.

    This explanation is not meant to disparage Zoom. We like Zoom. Rather, it is important to know the extensive work Adaptive Telehealth has done to keep Protected Health Information from Zoom, Zoom’s marketing partners like Facebook, Google, or any other third party that do not have a Business Associate Agreement (BAA) with our customer.