HIPAA Compliance
Pogo offers processes, forms, accounts, and data storage that are HIPAA compliant. According to the Health Insurance Portability and Accountability Act, all ePHI (electronic patient health information) must adhere to the following minimal standards:
- Transport Encryption: Is always encrypted as it is transmitted over the Internet
- Backup: Is never lost, i.e. it should be backed up and recoverable
- Authorization: Is only accessible by authorized personnel using unique, audited access controls
- Data Integrity: Is not tampered with or altered
- Storage Encryption: Should be encrypted when it is being stored and archived
- Disposal: Can be permanently disposed of when no longer needed
- Omnibus/HITECH: Is located on the web servers of a company with whom you have a HIPAA Business Associate Agreement

Business Associate Agreement
Pogo provides a BAA (Business Associate Agreement) for all Durable Medical Equipment Suppliers and Home Health Agencies. You must sign up for an account to receive a copy signed by both parties.
When dealing with electronic patient health information, HIPAA makes it your legal responsibility to secure that data. Pogo provides a secure platform for collecting, hosting and working with ePHI.
HIPAA Compliant features:
- 256-bit SSL Encryption on your Forms
- Data at Rest Encryption
- Encrypted PHI in Notifications
- End to End TLS / HTTPS Encryption
- Automatic System Logoff
- BAA and Confidentiality Agreements