All providers will complete mandatory HIPAA training at the time of onboarding and annually. We provide more details about HIPAA in our Compliance Plan. Here are a few things to remember:
-
As a covered entity, you'll need to make sure that your email is HIPAA compliant. Please read this article for best practices for HIPAA-compliant email services. For example, many providers who contract with Rula use ProtonMail, HushMail, MailHippo, or Google Workspace (with a BAA).
- Be sure you keep your remote work environment HIPAA compliant. Household members should never hear your sessions or see patient information. Patients are entitled to the same level of privacy during telehealth sessions as they would receive during in-person care, and providers are ethically obligated to maintain patient privacy. Therefore, you'll need to conduct telehealth sessions in a private location where patient privacy is assured, and others will not overhear the call.
- Providers are prohibited from downloading or printing patient records.
-
Rula is the custodian of the record. Therefore, records can only be released to patients by our Medical Records team, records@rula.com.
-
Rula promotes a supportive and "just" culture of compliance where we constantly learn and work to improve our system and processes. To self-report any HIPAA violations or concerns, please contact privacy@rula.com or use the Compliance Hotline to file a report.
-
All registered patients have provided consent for Rula to call, text, and email them without encryption. Details are available here.
- The phone and the internet are data conduits that do not require a BAA or additional HIPAA security controls. Your phone is considered HIPAA secure as long as you use a password on your mobile device. In addition, a covered entity is not responsible for the privacy or security of individuals' health information once it has been received by the individual's phone or other devices.
- Some providers set up a Google Voice or Grasshopper number if you prefer to use something other than a personal cell phone.
- Rula does not endorse the use of any specific email or phone service.
Updated