The United States Health Insurance Portability and Accountability Act (HIPAA) has had far-reaching consequences, as we’re certain you know. We’ve designed some features to help you fit the T.O.V.A. into your HIPAA-compliance procedures.
The T.O.V.A. has only limited built-in security. Instead, the T.O.V.A. assumes that your organization has standard physical and computer security measures in place that meet HIPAA requirements.
If you need more information, please contact T.O.V.A. technical support (section 29).
The TOVA Company wants your T.O.V.A. data to be secure and private. Organizations covered by United States HIPAA regulations should have a Business Associate Agreement (BAA) with any company that might be exposed to their patients’ Protected Health Information (PHI). Because The TOVA Company may encounter PHI in the course of assisting you with support, backups, etc., we provide a Business Associate Agreement.
You do not have to accept this agreement. You can send us a different agreement which we can review and accept or decline, or you can decline any BAA with The TOVA Company altogether. If you do not accept an agreement, several features of the T.O.V.A. software will be limited or disabled:
The T.O.V.A. software will provide you prompts to accept the T.O.V.A. BAA, but you must have Administrator access to your computer in order to accept or decline the agreement. The BAA should only be accepted by someone who has the authority to do so on behalf of your organization.
If your organization is not covered by United States laws, you can choose to either enable or disable these features. Please check your local privacy regulations and choose accordingly. If The TOVA Company is required to adhere to specific privacy laws in order to access personally identifiable data, please forward the appropriate agreement/contract to The TOVA Company for The TOVA Company’s consideration.