06 Mar FollowMyHealth and HIPAA
FollowMyHealth is HIPAA-compliant. It adheres to mandated encryption standards when receiving, sending, and storing a patient’s health information. When a provider invites a patient to create a UHR account, the provider makes that contact directly with the patient or, to the extent Allscripts assists in that process, Allscripts does so as a business associate of the provider and pursuant to a HIPAA-compliant business associate agreement.
When a patient establishes an FMH account, that patient executes a HIPAA-compliant authorization directing his or her health care organization to disclose the patient’s medical record information in electronic form to Allscripts, such that it can maintain the FMH on the patient’s behalf. Following the authorization (and Allscripts’ privacy policy on the FMH website), the patient acknowledges that he or she has directed the release to the FMH. Further disclosure of the information maintained on the FMH is not protected by HIPAA. As FollowMyHealth is not a covered entity, HIPAA does not apply to it.