About two years ago Uber became aware of a need for reliable rides to doctor’s appointments for patients and their caregivers. But before its new division Uber Health could be launched, Uber recognized a major obstacle: complying with the Health Insurance Portability and Accountability Act, better known as HIPAA.
To prevent potential problems, Uber looked to a HIPAA compliance and cybersecurity firm, which performed a HIPAA risk analysis of everything surrounding Uber Health and its technology, as reported in HCA News.
“This was really about taking our time and doing it right,” said Lauren Steingold, senior strategist for Uber Health. “We wanted to find the right partner who would not only help us achieve HIPAA compliance but would help us understand HIPAA compliance and then maintain HIPAA compliance — and really get our team to be thinking in that way all the time.”
The results: For one, Uber Health, which providers use to book rides for patients, is off the ground. It also has completed pilot projects with roughly 100 partners. Broadly, the company has learned how to handle this particularly sensitive portion of its business.
Uber Health data, including all protected health information, are cordoned off from the rest of the organization, confined to a “very small team,” Steingold said. In an effort to keep prices affordable and drive times low, the company is using UberX drivers to transport patients to their appointments. Uber Health also encrypts data, both in transit and at rest.
A lot was at stake. Of 55 recent cases that the federal Department of Health & Human Services Office for Civil Rights marked for corrective action plans or settlement agreements, 41 involved electronic protected health information. But the steps taken by Uber Health have resulted in good news: Its healthcare organization partners are signing business associate agreements, a sign of their trust in the project and its data safeguards.
“We felt it was important to build a very robust HIPAA compliance program, not just check a box,” Uber Health’s Steingold said. To learn more about making your practice HIPAA compliant, visit HIPAAcraticRx.