FollowMyHealth and HIPAA

Last Updated: Sep 26, 2017 01:31PM CDT

The FollowMyHealth Universal Health Record is HIPAA-compliant in that it adheres to mandated encryption standards when receiving, sending, and storing a patient's health information.  When a provider invites a patient to create a UHR account, the provider makes that contact directly with the patient or, to the extent Allscripts assists in that process, Allscripts does so as a business associate of the provider, and pursuant to a HIPAA-compliant business associate agreement.  When a patient actually establishes a UHR account, that patient executes a HIPAA-compliant authorization directing his or her health care organization to disclose the patient's medical record information in electronic form to Allscripts, such that it can maintain the UHR on the patient's behalf.  Pursuant to the authorization (and Allscripts' privacy policy on the UHR website), the patient acknowledges that he or she has directed the release to the UHR and that and further disclosure of the information maintained on the UHR is not protected by HIPAA.  As FollowMyHealth is not a covered entity, HIPAA does not apply to it. 

For a less technical explanation, click here
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found