What Makes PatientGain HIPAA‑Compliant?
Key Components of PatientGain’s HIPAA Compliance
1. Business Associate Agreement (BAA)
A BAA is a legally required contract between a covered entity and a business associate. PatientGain provides a standard Business Associate Agreement (BAA) to its customers, which legally obligates PatientGain to protect PHI in accordance with HIPAA regulations. This is a fundamental requirement for any vendor handling PHI on behalf of a healthcare practice.
Example of a HIPAA-compliant SPOC app (Single Point of Contact), covered by the BAA that PatientGain provides to healthcare practices. This app is available individually for your healthcare website or as part of the PLATINUM monthly service.


2. Secure Infrastructure and Hosting
PatientGain’s platform and applications are hosted on secure cloud infrastructure, primarily Amazon Web Services (AWS), which is designed to be compliant with HIPAA and HITECH standards.
- Data Encryption: ePHI is protected using encryption both “at rest” (when stored) and “in transit” (when transmitted, e.g., via HTTPS/SSL).
- Secure Storage: Patient data collected through PatientGain apps, such as their CRM, is stored on secure, HIPAA-compliant servers, not in less secure locations like standard website database tables (e.g., in WordPress itself).
3. Technical Safeguards
PatientGain employs several technical controls to secure ePHI within its software and systems:
- Access Controls: Access to PHI is strictly limited through role-based access controls, ensuring that only authorized personnel can view or manage sensitive information based on their job functions. Shared logins are not permitted.
- Audit Logs: The platform maintains audit trails that record user activity, enabling the monitoring of access to PHI and helping to detect potential security breaches.
- Secure Communication: All patient communication (e.g., via secure forms, SMS/texting, chatbots) is handled within an encrypted environment to prevent unauthorized interception.
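The three safeguards above (role-based access, no shared logins, and an audit trail that can be reviewed for suspicious access) can be modelled in a few dozen lines. The following is an added illustration, not PatientGain's code: the roles, the permission policy, the patient records and the review thresholds are all constructed for the example. It shows why an audit trail has to record denied attempts as well as granted ones, and what a log review that "helps to detect potential security breaches" actually looks for.

```python
"""Added example (not PatientGain's code): a minimal model of the technical
safeguards listed above: role-based access to PHI records, one named person
per login (an unmapped or shared login gets nothing), an append-only audit
trail of every access attempt, and a review pass over that trail that flags
patterns worth a second look. Roles, users, records and thresholds are
constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Illustrative policy (assumed): which PHI fields each role may read.
PERMISSIONS = {
    "front_desk": {"read_contact"},
    "clinician": {"read_contact", "read_history"},
    "marketing": set(),  # marketing staff never read PHI directly
}
FIELD_FOR_ACTION = {"read_contact": "contact", "read_history": "history"}


@dataclass
class AuditEvent:
    when: datetime
    user: str
    action: str
    patient_id: str
    allowed: bool


@dataclass
class PhiStore:
    records: dict          # patient_id -> {"contact": ..., "history": ...}
    users: dict            # login -> role; every login is one named person
    audit: list = field(default_factory=list)  # append-only trail

    def access(self, user, action, patient_id, now):
        """Enforce the role policy and log the attempt whether or not it succeeds."""
        role = self.users.get(user)                # unknown/shared login -> no role
        allowed = (role is not None
                   and action in PERMISSIONS.get(role, set())
                   and patient_id in self.records)
        self.audit.append(AuditEvent(now, user, action, patient_id, allowed))
        if not allowed:
            return None
        return self.records[patient_id][FIELD_FOR_ACTION[action]]


def review_audit(audit, window=timedelta(hours=1), max_denied=3, max_patients=20):
    """Flag users with repeated denials or unusually broad access inside one window.
    Returns (user, reason, count) tuples; the thresholds are illustrative."""
    by_user = {}
    for ev in audit:
        by_user.setdefault(ev.user, []).append(ev)
    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e.when)
        denied = [e for e in events if not e.allowed]
        for i, start in enumerate(denied):
            n = sum(1 for e in denied[i:] if e.when - start.when <= window)
            if n >= max_denied:
                findings.append((user, "repeated_denials", n))
                break
        granted = [e for e in events if e.allowed]
        for i, start in enumerate(granted):
            patients = {e.patient_id for e in granted[i:] if e.when - start.when <= window}
            if len(patients) > max_patients:
                findings.append((user, "bulk_access", len(patients)))
                break
    return findings


def demo():
    """Constructed scenario: returns the store (with its audit trail) and the findings."""
    t0 = datetime(2024, 1, 1, 9, 0)

    def m(k):  # timestamp k minutes after t0
        return t0 + timedelta(minutes=k)

    store = PhiStore(
        records={f"p00{i}": {"contact": f"contact-{i}", "history": f"history-{i}"}
                 for i in range(1, 6)},
        users={"alice": "clinician", "bob": "front_desk", "carol": "marketing"},
    )
    store.access("alice", "read_history", "p001", m(0))    # allowed
    store.access("bob", "read_contact", "p001", m(1))      # allowed
    store.access("bob", "read_history", "p001", m(2))      # denied: outside role
    for k, pid in enumerate(["p001", "p002", "p003"], start=3):
        store.access("carol", "read_contact", pid, m(k))   # denied x3: marketing role
    for k, pid in enumerate(["p001", "p002", "p003", "p004", "p005"], start=10):
        store.access("alice", "read_contact", pid, m(k))   # allowed, but unusually broad
    store.access("shared", "read_contact", "p001", m(20))  # unmapped login: denied
    return store, review_audit(store.audit, max_denied=3, max_patients=4)


if __name__ == "__main__":
    store, findings = demo()
    for finding in findings:
        print(finding)
```

Two points the scenario makes: a denied request still produces an audit event, because a run of denials is exactly the signal a log reviewer wants, and a login that is not mapped to one named person is refused outright, which is how "no shared logins" is enforced rather than merely stated. In a real deployment the trail would be written to storage the application cannot modify, and the review would run on a schedule with thresholds tuned to the practice's normal workload.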
4. Administrative Safeguards
PatientGain implements internal policies and procedures to enforce compliance:
- Staff Training: All PatientGain staff members are required to undergo regular HIPAA security and privacy training.
- Background Checks: All staff members are subjected to background checks.
- Security Audits: PatientGain conducts regular self-audits and security log reviews to identify and mitigate vulnerabilities. Security logs are reviewed by two different staff members.
HIPAA-Compliant Services
PatientGain integrates these compliance features into specific services designed for the healthcare industry, such as:
- HIPAA-Compliant Web Forms: Forms used to collect patient information (like appointment requests or medical history) are secure and encrypted.
- Marketing Automation and CRM: The PatientGain CRM stores prospective and existing patient information securely, allowing for compliant marketing and communication activities, such as automated reminders, provided patient consent is obtained.
- Secure Patient Portals/Communication: Features like secure messaging and virtual assistants are built to ensure the secure exchange of information between providers and patients.
By implementing these comprehensive technical, administrative, and contractual measures, PatientGain aims to provide a platform that allows healthcare practices to manage patient engagement and marketing while adhering to federal HIPAA standards.
PatientGain is a medical marketing automation platform designed for healthcare practices. It helps attract new patients, improve patient engagement, and streamline marketing efforts through a combination of AI and digital automation. The platform is HIPAA-compliant and includes services like website development, SEO, and patient communication tools. PatientGain aims to help practices manage their online presence and grow their business in a competitive healthcare mark
Example of a HIPAA-compliant primary care website, covered by the BAA that PatientGain provides to healthcare practices. This high-performance healthcare website is part of the PLATINUM monthly service.

