Is the Uber Health Ride Sharing Service HIPAA Compliant?

Uber Health, which beta launched this March, is a platform that is used for arranging cost effective transportation for patients. About 100 healthcare organizations need to try the platform before it is officially launched. However, there are questions raised on the HIPAA compliance of Uber Health.

Uber Health features an online dashboard that healthcare providers can access to schedule transportation for their patients. If the patient has provided a mobile phone number, he or she will be notified via text message regarding the collection and drop off time and location. Unlike the standard Uber service, a patient is not required to use an Uber Health smartphone app.

When healthcare providers use Uber Health to arrange transportation for their patients, the number of no shows goes down and more patients come to their appointments. Rides for the patient’s follow up appointments can be arranged even before the patient leaves the facility. Uber Health can be used for hospital staff and caregivers as well.

HIPAA-covered entities that use Uber Health need to input information including patient names and appointment times into the system. Hence, a business associate agreement (BAA) is necessary before healthcare providers can use Uber Health. There’s no problem with Uber as the company is willing to enter into a BAA with participating HIPAA-covered entities.

Uber Health has a published claim on its website that it is HIPAA-compliant. Any data inputted in its system is protected by HIPAA compliant privacy and security controls. Data in the system is secured and drivers only receive limited information such as the name of the patient, the pickup and drop off time and location, the same as with regular taxi services. The drivers do not get access to any protected health information.

During the development of the Uber Health service, Uber consulted with Clearwater Compliance to make sure it satisfies all HIPAA requirements. Uber Health was also subjected to HIPAA-compliant risk analyses and assessments and found to be in compliance.

Hence, Uber Health is deemed to be a HIPAA compliant ride sharing service provided a BAA is obtained prior to use. Healthcare providers can confidently use it knowing that it does not violate HIPAA rules.