HIPAA Compliance and Uber Health
Last month, Uber officially launched Uber Health – a service that allows you to set up transport for patients more straightforward and cost effective. The service should be of advantage for patients and providers alike, although questions have been heard about HIPAA and whether Uber Health is HIPAA compliant.
What doe Uber Health do?
Uber Health includes an online dashboard that healthcare suppliers can use to schedule transport for their patients ahead of time. Once the patient has a mobile phone, he/she will receive an alert about the collection and drop off location via text message. Different to the standard Uber service, Uber Health does not need you to have a smartphone app.
By using Uber Health, healthcare suppliers can potentially minimize the number of no shows and ensure more patients attend on time for their appointments. Rides can be set up when the patient is in a facility, ensuring they have transport arranged for subsequent appointments. The service could also be implement by caregivers and staff.
The official launch of the platform happens following after a trial on around 100 healthcare groups, with the platform now made available to healthcare organizations of all sizes.
Can Uber Health be Deemed HIPAA Compliant?
Any HIPAA-covered group that signs up to use Uber Health would have to enter patient names and appointment times into the database, so before using the service a business associate agreement would need to be obtained. Uber is happy to sign BAAs with all participating healthcare groups.
Uber states on its website that Uber Health is HIPAA compliant and any data provided to the dashboard is protected by privacy and security controls in line with HIPAA standards. All data remains protected in the system, and the only data passed to its drivers is the name of the patient, the pickup and drop off time, and the collection point and drop off place, as with any taxi service. No protected health information is passed to the drivers.
Uber says it spoke with with Clearwater Compliance while creating the Uber Health service to ensure all requirements of HIPAA were satisfied. Uber has conducted HIPAA-compliant risk analyses and completed compliance assessments and has been found to be adhering to HIPAA Rules.
Once a business associate agreement is completed with Uber, Uber Health is a HIPAA compliant ride sharing service and can be implemented without breaching HIPAA Rules.