1 / 13

Protecting Data: HIPAA and WebChartMD Comparison

This presentation explores the major provisions of HIPAA and compares them with the features of WebChartMD, a software designed for HIPAA compliance. Topics covered include risk analysis, access control, user identification, emergency access procedures, automatic logoff, encryption, audit controls, integrity, authentication, and transmission security. WebChartMD offers comprehensive solutions for protecting electronic protected health information.

mconverse
Download Presentation

Protecting Data: HIPAA and WebChartMD Comparison

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Beyond HIPAA,Protecting Data Key Points from the HIPAA Security Rule

  2. Introduction • The following presentation looks at the major provisions of the Health Insurance Portability and Privacy Act of 1996 (HIPAA) and compares it with the respective features of WebChartMD designed to provide compliance.

  3. Risk Analysis & Management (§164.306) • Dedicated software test team • Continuous testing of codebase in Production • Contracted with 3rd party vendor Digital Defense, Inc. for Network Penetration Testing • Automated security tests conducted regularly • Manual analyst security penetration test conducted each quarter

  4. Access Control (§ 164.312(a)) • “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4)[Information Access Management].” • WebChartMD allows clients to define user access across four dimensions • Define access by Ability (What can they do) • Define access by Care Provider Associations • Define access by Document Status • Define access by Patient Location

  5. Access Control (§ 164.312(a)) • Unique User Identification (§ 164.312(a)(2)(i)) • “Assign a unique name and/or number for identifying and tracking user identity.” • WebChartMD allows clients to use either simple to remember usernames or complicated usernames depending on corporate policy

  6. Access Control (§ 164.312(a)) • Emergency Access Procedure (§ 164.312(a)(2)(ii)) • “Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.” • WebChartMD provides access to full support resources M-F from 8am to 8pm • WebChartMD provides emergency contact numbers to page an on-call technical support representative 24/7 • Fully redundant datacenter in a geographically diverse location with continuous data replication

  7. Access Control (§ 164.312(a)) • Automatic Logoff (§ 164.312(a)(2)(iii)) • “Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.” • WebChartMD automatically logs users off the system after a period of inactivity. • Users are required to login again before being able to access system resources

  8. Access Control (§ 164.312(a)) • Encryption and Decryption (§ 164.312(a)(2)(iv)) • “Implement a mechanism to encrypt and decrypt electronic protected health information.” • All dictations and transcriptions are embedded in the main database • All dictations and transcriptions are encrypted using AES-256 bit encryption standards before they are stored • In the unlikely event our database is compromised, PHI will still be unrecoverable

  9. Audit Controls (§ 164.312(b)) • “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” • WebChartMD contains full audit trail functions, logging each time a dictation and transcription is ‘touched’ by a user • All staff actions performed using internal tools are fully logged with pre and post states logged as well

  10. Integrity (§ 164.312(c)(1)) • “Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.” • WebChartMD allows users & internal staff to only perform logical deletes • Ability to perform Physical Deletes is only given to database administration staff • When each transcribed document is modified and stored, the system performs a full virus and integrity check on the document • Any anomalies are detected by WebChartMD staff and our clients are immediately alerted

  11. Person or Entity Authentication (§ 164.312(d)) • “Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.” • WebChartMD enforces a strict password policy that requires the use of strong passwords • All passwords are stored as salted one-way hashes • Our staff, including database administrators, are unable to see a user’s password

  12. Transmission Security (§ 164.312(e)(1)) • Integrity Controls (§ 164.312(e)(2)(i)) • “Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.” • WebChartMD uses standards based protocols for all data transmission • Network layer protocols contain checksums to ensure that the data packet has not been modified during transmission

  13. Transmission Security (§ 164.312(e)(1)) • Encryption (§ 164.312(e)(2)(ii)) • “Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.” • WebChartMD servers use Extended Validation Certificates from VeriSign • All data that is transmitted over the public Internet is encrypted using 128-bit SSL encryption • Web Portal and Web Service access is strictly over 128-bit SSL encryption

More Related