HIPAA regulations are extensive, covering all aspects of proper
handling of patient information, and the information processed
through Patient Tools, falls under the privacy and security
requirements of the regulations.
Basically, HIPAA requires that information be protected from unauthorized
and illegal access, particularly in regard to identifying data
about an individual patient.
Patient Tools, maintains HIPAA-compliant
security in two ways. First, we implement extensive system security
to block unauthorized access.
Second, the data within the system is de-identified, meaning that
no identifying patient information (name, SSN, etc.) is sent through
or maintained by the Patient Tools system.
To comply with HIPAA requirements, audit trails are maintained
on all transactions.
At remote locations (practice office and research study
sites), we implement user name/password restrictions and verify
Unauthorized access from within the healthcare organization is
prevented by termination of inactive sessions. Security is not
compromised by restricted websites being left "active"
on a PC desktop.
Different "levels" of user access are maintained, keeping
access on a "need to know" basis. Even authorized users
within the health care organization can have their access restricted
to the functionality they need to complete their jobs.
Across the Internet, extensive security measures
from 128-bit SSL encryption to server authentication and other
precautions guard your data.
While no system connected to the Internet is immune to a serious,
systematic attack, the multiple layers of security make the possibility
of someone gaining illegal access extremely remote and all that
anyone would find inside the Patient Tools system is de-identified