1. What is HIPAA?

The Health Insurance Portability and Accountability Act was made part of Public Law (104-191) on August 21, 1996. Its main goal is to encourage health related organizations to establish standards and methods for securely transmitting and handling of sensitive health information (SEC. 261. PURPOSE).

You may find a copy in paper or electronic format of the Act from the National Registry and from the U.S. Department of Health and Human Services at the following address:




That document has the final authority of what applies to HIPAA and should be referred to it prior to making any decisions regarding compliance.

2. What are the important compliance dates?

As Congress required in HIPAA, most covered entities have until April 14, 2003 to come into compliance with these standards, as modified by the August, 2002 final Rule. Small health plans will have an additional year - until April 14, 2004 - to come into compliance.

The Secretary shall carry out section 1173 not later than 18 months after the date of the enactment of the Health Insurance Portability and Accountability Act of 1996, except that standards relating to claims attachments shall be adopted not later than 30 months after such date (SEC. 1174. TIMETABLES FOR ADOPTION OF STANDARDS).

3. Is HanDBase HIPAA certified?

It is a common misconception that office tools including fax machines, computer hardware and software, networking peripherals, handheld devices and software, must comply with HIPAA.

The Act only applies in whole or part to the following entities:

A health plan
A health care clearinghouse
A health care provider who transmits any health information in electronic form in connection with a transaction referred to in SEC. 1173 (a)(1)

Handheld software, such as HanDBase is not part of any of the above entities, however, it can be a valuable tool in assisting the before mentioned in becoming HIPAA compliant (SEC. 1172. (a) APPLICABILITY).

4. How can I use HanDBase in a manner that enables me to comply with HIPAA patient privacy requirements?

The Act contains guidelines on what information is to be considered private and should be handled carefully (SEC. 264. RECOMMENDATIONS WITH RESPECT TO PRIVACY OF CERTAIN HEALTH INFORMATION). As your organization establishes rules and policies for safekeeping that data HanDBase can become an important tool in keeping such data safe.

Patient health and billing records can be safely transported between a practice location to another, whether it's a hospital, a private office, a health related organization or associated business. The data within the handheld can be password locked and additionally encrypted, using HanDBase's high grade encryption algorithms.

Data can be referenced at any location via a handheld by using HanDBase's local un-encryption and password un-locking mechanisms without requiring the user to be at their desktop computer's location. In the event of handheld loss or misplacement, the data is safe with a double locking mechanism.

5. Tips and Suggestions

The following items may enhance the security of your data (for information on configuring these settings on HanDBase, please refer to the HanDBase Manual, section: Database Properties - Security):

  1. Keep databases password protected.
  2. Keep databases encrypted using a passphrase with no less than 8 characters.
  3. Combine letters and numbers in your password and encryption passphrase.
  4. Use the "Encrypt marked fields on record close" option.
  5. Set sensitive fields such as Social Security Number, Name, Phone numbers, Diagnoses, etc. to use Encryption by toggling the "Encrypt" option to ON.
  6. Use common sense when providing someone else with your password and encryption passphrase.
  7. Do no leave open records or un-encrypted.