Health Insurance Portability and Accountability Act (HIPAA) Compliance Statement
As a healthcare provider, Healthport is committed to compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
These regulations pertain to the security, electronic data interchange and confidentiality of Patient health information. As a part of its overall quality system Healthport has established a formal, written program for HIPAA compliance and to ensure that the "Chain of Trust" is maintained between Healthport and its Patients. This program undergoes regular audits to confirm that the organization meets or exceeds all applicable compliance standards and their associated deadlines.
To meet the requirements for Patient data security and privacy Healthport employs such systems and techniques as:
Advanced firewall security
Fully alarmed physical perimeter security
Sophisticated data encryption algorithms
Password protected system access
Restricted visitor access
Virtual Private Networks (VPN)
Intrusion detection systems
These mechanisms undergo routine evaluation and upgrade as technologies related to security and privacy improve.
As it applies to our products, Healthport Cybercareplan, Healthport has will take steps to meet and far exceed standards for privacy and security. In particular, the Server is placed inside a network firewall, using 128-bit RSA public-key authentication and 128-bit Advanced Encryption Standard (AES) data encryption to insure data security and privacy in transit to Healthport. In addition, Healthport constantly monitors security/virus issues for potential security risks and can provide prompt updates and Patient notification to address any such issues.
Shell Access -- Healthport Technical Staff
The server can be managed using the UNIX command prompt. The command prompt can only be reached using the shell client with the SSH Transport Layer Protocol. This protocol provides between 128-bit and 256-bit encryption for all data communications and is one of the most complicated algorithms available. As an additional precaution, the login must be from a trusted computer that is kept as a short list of static IP addresses.
Remote Database Access -- Healthport Technical Staff
It is necessary to connect to the Healthport database from a remote database server to maintain the database and execute off-site backups of the data. The connection to this database uses the same SSH protocol as the shell access but connects on a separate port and access is managed via a separate "short list" of computers that are allowed to connect.
In the unlikely event that the machine is accessed by an unauthorized individual, all Patient data is stored in a secure folder on the server. In addition, the format of the data is a proprietary, binary file which using a proprietary encryption method.
In addition, the technical team constantly monitors the system logs for attempted attacks, unauthorized programs, and services. The physical location of the server at Healthport means that the server can be physically removed from the Internet if there is an attack on the system which cannot be immediately resolved.
Healthport provides the above information to demonstrate its intent and commitment to compliance with the HIPAA regulations. If you would like more information on Healthport HIPAA compliance efforts, please contact the HIPAA Compliance Officer at (800) 327-7953, or via email at firstname.lastname@example.org