HIPAA Considerations¶
Data security is essential for all cloud-based systems and Volgistics takes protecting your information very seriously. We follow industry best practices, and use state-of-the-art firewalls, data encryption, and more to keep your information safe. You can learn more in the System Security help topic. In addition, our Privacy Policy strictly limits who can view the information in your account as well as how it can be used.
This help topic is designed to help you decide if Volgistics meets the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements at your organization. When you are making this decision, it's important to remember that there are different types of sensitive information.
- Protected Health Information (PHI). PHI is information related to a patient's medical condition such as the patient's diagnosis, treatment plan, and medications. PHI can also be considered information related to the patient's care such as insurance claim, enrollment, eligibility, payments, and coordination of benefits information. This type of information is protected under HIPAA and any computer or database used to store or transmit PHI must meet certain standards set by the federal government.
- Personal Identifiable Information (PII) or Protected Personal Information (PPI). PII or PPI is basically any information about an individual that is not known to the general public such as social security numbers, driver's license numbers, or even the volunteer's date of birth. This type of information should be stored in a secure manner, but is not subject to HIPAA regulations.
Volgistics is designed to track and manage information about volunteers--not patients. As such, the system is not a Covered Entity under HIPAA and should not be used to store, process, or transmit HIPAA protected information such as PHI. When Volgistics is used only for its intended purpose of managing volunteer information, organizations can meet all HIPAA requirements.
Is storing the information in Volgistics necessary?
A simple way to limit the risk when storing volunteer information is to decide if the information must be stored in Volgistics. Volgistics does not require that you store any sensitive information about your volunteers in the system. Account holders customize any fields needed for the additional information so organizations have complete control over what information is stored in their account.
In many cases, if the information is only needed once, it does not need to be stored in Volgistics. For example, if the volunteer's driver's license number or social security number is only needed for background checks, using Verified First (Volgistics' integrated background screening service) eliminates the need to store the information in Volgistics. The volunteer submits the information directly to Verified First so your organization is not responsible for maintaining the information's security.