In early March, Uber stepped into healthcare with its launch of Uber Health, a service that collaborates with hospitals and health systems to help transport patients to their medical appointments on time. But how is it handling HIPAA?
According to Norton Rose Fulbright lawyers Kim Gold and Alexis Wilpon, writing for Data Protection Report, Uber and physicians using its new service must be careful of anti-kickback laws and patient privacy regulations.
Because healthcare providers use a digital dashboard to schedule rides for their patients, providers will pay the cost of each individual ride as opposed to a monthly subscription fee. Anti-kickback laws could come into play if a provider offers certain patients free or discounted rides. "Healthcare providers must be cognizant of their compliance obligations and familiar with the requirements of the federal anti-kickback statute safe harbor for ride-hailing services," Ms. Gold and Ms. Wilpon write.
Additionally, when it announced its Uber Health service, Uber noted that drivers will not be given any information that shows the passenger called the ride from Uber Health. This means Uber Health handles sensitive healthcare data for providers who are covered by HIPAA, and Uber Health operates as a HIPAA business associate, according to Ms. Gold and Ms. Wilpon. These business associates must comply with HIPAA requirements while still following other guidelines laid out in business associate agreements.
Uber Health said it is HIPAA compliant and offers HIPAA-trained support to maintain patient privacy and security. The company also said that because it encrypts rider information, patients' protected health information is hyper-secure when providers order rides.