De-identifying data in the PTI Data Center makes data sharing easier, but the primary reason for de-identifying data has always been to keep the data secure and HIPAA compliant. We take data security seriously, meeting and usually exceeding the security standards required by our clients.
All Data Is De-Identified
Stripping out PHI (de-identifying data sent to the PTI Data Center and re-identifying data coming back) is more work, but it adds an extra level of security. An attacker would have to hack the PTI Data Center for the de-identified data and then find and hack the associated PTI Data Exchange for the associated PHI. It is easier to hack your EMR/EHR directly and get access to far more sensitive information.
Connection Permissions Control Sharing
Connections have permissions associated with them. Profile connections are ultimately controlled by the client: they must be requested and accepted, and they can be restricted or closed at any time. Data connections require a data agreement between the two agencies, and even then they share only de-identified information. Connections enable everyone to get their work done without compromising security.
Apps Are Locked To Devices
When a PTI App first logs in to the PTI Data Center, a signature is created and locked to the associated account in the PTI Data Center. Even if an employee knows the user name and password for a PTI App account, they cannot go home, download their own PTI App and log in, because the signature will not match. As with de-identifying data, managing signatures is more work, but it is an extra level of security.
HIPAA Compliant And More
PTI security meets the standard HIPAA requirements of user names, strong passwords, encrypted communication, logging, etc. De-identifying data, PTI App signatures and other security measures exceed those requirements and have always been included to make your data more secure.