In a July 2018 letter to ANCOR, CMS (Centers for Medicare & Medicaid Services) confirmed EVV systems “are subject to HIPAA privacy and security protections”. HIPAA compliance will narrow the range of EVV systems available to providers, as not all vendors will permit PHI (Protected Health Information) to be stored at their data centers. EVV systems need to comply with three sets of regulations:
- HIPAA
- The 21st Century Cures Act
- Additional state regulations
The identity of clients, the services delivered, and the documentation will need to be protected by technical security that meets HIPAA standards, as well as by HIPAA training for staff who manage EVV PHI data at both the provider and the software vendor.
For more information on EVV-compliant time and attendance solutions, download the myAttendance fact sheet. In addition, providers need to consider BYOD (Bring Your Own Device) policies. For more information, download the eBook "How Agencies Should Implement a BYOD (Bring Your Own Device) Program".