Learn how to best utilize Curamei's functionalities to enhance quality of care.
Health data is extremely sensitive, and we have made a special effort to respect the privacy of users and abide by appropriate regulations which guide how health data can be exchanged and stored. For details on the specific ways in which your user data may be collected and used, please refer to our privacy policy.
Because the Curamei platform works with patients, providers, and protected health information (PHI), it is critical that we take steps to abide by HIPAA. At its core, HIPAA is a regulatory scheme which seeks to ensure only authorized individuals and actors have access to this sensitive PHI. As such, we have made a handful of design and policy decisions.
To ensure only authorized persons have access to accounts, multi-factor authentication and social sign-in protocols have been instated so that more than just login credentials are needed for malicious actors to compromise user accounts.
Because patients are the only users that can specify providers' access to health data on their own Curamei account, the very design of the platform ensures only authorized providers can see health data of patients. To prevent the ease of malicious actors fradulently creating provider accounts, we require that provider accounts be associated with an appropriate National Provider Identifier (NPI) number and require provider users to upload photo ID. Suspicions of fraud can be reported to our contact form.
We have made sufficient efforts to ensure that health data stored in FHIR records and OAuth keys are stored securely within the cloud, thus ensuring the security of the actual data from destruction.
If you have further questions about the specific protections of HIPAA, plenty of information is available on the website of the Department of Health and Human Services. If you have specific questions for us, do not hesitate to use our contact form.