Learn how to best utilize Curamei's functionalities to enhance quality of care.
Protecting User Data PrivacyPatients Providers
Because the Curamei platform works with patients, providers, and protected health information (PHI), it is critical that we take steps to abide by HIPAA. At its core, HIPAA is a regulatory scheme which seeks to ensure only authorized individuals and actors have access to this sensitive PHI. As such, we have made a handful of design and policy decisions.
To ensure only authorized persons have access to accounts, multi-factor authentication and social sign-in protocols have been instated so that more than just login credentials are needed for malicious actors to compromise user accounts.
Because patients are the only users that can specify providers' access to health data on their own Curamei account, the very design of the platform ensures only authorized providers can see health data of patients. To prevent the ease of malicious actors fradulently creating provider accounts, we require that provider accounts be associated with an appropriate National Provider Identifier (NPI) number and require provider users to upload photo ID. Suspicions of fraud can be reported to our contact form.
We have made sufficient efforts to ensure that health data stored in FHIR records and OAuth keys are stored securely within the cloud, thus ensuring the security of the actual data from destruction.
If you have further questions about the specific protections of HIPAA, plenty of information is available on the website of the Department of Health and Human Services. If you have specific questions for us, do not hesitate to use our contact form.