How to make sure you stay HIPAA compliant when using ICANotes

What Is HIPAA?

The Health Insurance Portability & Accountability Act known as HIPAA was first written into Federal law in 1996.

One of the main functions of HIPAA is to enforce the security and privacy of patient data referred to in the HIPAA law as PHI (Protected Health Information).

Several HIPAA rules to update the law have been issued over the years and the most recent rule – the Final Omnibus Rule – became effective March 26, 2013. Full compliance to the changes put forth in the 2013 rule is required by September 23, 2013.

Failure to comply with HIPAA mandates can result in civil penalties. In 2012, for example, the  Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. were fined $1.5 million due to their negligence after a laptop was stolen containing unencrypted PHI.

In your own practice, you will already have performed the required security risk analysis, and will have certain privacy and security procedures in place particular to your environment.

When using ICANotes, we suggest that you review and follow the specific guidelines contained in this document to protect PHI and to avoid possible serious penalties.

Please share this information with your colleagues who are using ICANotes and may not have seen this document.  This might be a good component of your HIPAA staff training.

How Should I Store My Patient Data and Login Information?

All ICANotes patient information is stored on HIPAA-compliant ICANotes data servers. No ICANotes patient information should be stored on a local hard drive either in your office or on an individual laptop or mobile device.

Access to ICANotes servers is only available through your ICANotes username and password.

  • To prevent unauthorized access to your data, do not store your ICANotes username and password near or on the device you use to login to ICANotes.
  • Keep in mind that persons who are not authorized to access patient data can still access this data if it has been copied from the ICANotes program to another device.
  • It is expected that users will sometimes need to transfer patient data or information to colleagues.  It is important, however, to make sure that the user only utilizes HIPAA-compliant forms of communication.
  • Do not send any patient information to other doctors or ICANotes support staff over unencrypted email or text since these methods are not secure.
  • Patient information can be securely sent via the ICANotes encrypted message system to ICANotes support staff.
  • Faxing is considered a secure form of communication as well.  It is a good practice, however, to only use the patient ID when faxing patient information.  Use a fax cover sheet that indicates Confidential Information is contained in the fax.
  • Contact ICANotes immediately when a breach or unauthorized access to ICANotes data is suspected.  Call 443-569-8778 or send an email to

How Should I Protect My ICANotes Computers and Mobile Devices?

Just because the ICANotes program does not store information on your physical hard drive does not mean that you should not take certain steps to protect your computers and mobile devices.

For All Windows Operating System Users:

Users should not open email messages from unknown senders or install unknown applications.   Sometimes these emails contain viruses that will record what is being typed into your computer or what is being shown on your monitor.

For All Mac Operating System Users:

There are significantly fewer viruses that Mac users have to worry about.  Due to the innate security inside the Macintosh OSX, the choice of whether or not to pursue anti-virus protection is left up to the user. Mac users, however, are not immune to malware.  It is imperative that Mac users do not open email messages from unknown senders or install unknown applications.  Almost all currently known Mac viruses originate in email messages.

For Windows-Based Laptop Users:

Anti-virus protection is highly recommended.  Laptop users can purchase a program such as “Lojack” ( to locate the laptop if it is stolen. This provides security for the device and tracking of the laptop in case of theft.

For All Mobile Device Users:

Mobile devices such as smart phones and tablets are virtually devoid of viruses. For this reason, the use of any anti-virus software is left to the user’s discretion.  All mobile devices should utilize some form of tracking software in case they are stolen.  For example, iPhones and iPads come prepackaged with an application called “Find My iPhone/iPad”.  Once properly configured these programs will allow users to remotely lock, wipe and locate their mobile devices.

If you have any questions, please call ICANotes at 443-569-8778.


  • Moving from paper to electronic records in behavioral health
  • Mental Health Group Therapy Notes
  • Patient Portal for Behavioral Health