BlueCamroo & HIPAA & PIPEDA Compliance
The healthcare industry is built on a foundation of trust. People share their medical details only because they know that patient-doctor confidentiality is the cornerstone of the entire system. This is why the storage of Personal Health Information (PHI) is held to a higher standard than the storage of other personal information.
This higher standard is what led to legislation such as America’s Health Insurance Portability and Accountability Act (HIPAA) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
HIPAA regulates the use and dissemination of PHI in four general areas:
- Privacy, which covers patient confidentiality.
- Security, which deals with the protection of information, including physical, technological, and administrative safeguards.
- Identifiers, which are the types of information that cannot be released when data is collected for research purposes.
- Codes for the electronic transmission of data in healthcare-related transactions, including eligibility checks, insurance claims and payments.
BlueCamroo has taken all of the expectations in this legislation into account.
What HIPAA Expects from Software
HIPAA, the Health Insurance Portability and Accountability Act of 1996, sets guidelines for medical professionals on the handling of medical records and information. With the advent of electronic records and online medical record databases, HIPAA compliant software must meet many electronic health record (EHR) security standards in order to satisfy HIPAA guidelines.
Secure Internet Server
HIPAA compliant software uses SSL (Secure Sockets Layer), which encrypts data in transit between the user and the server so that only authorized users can access it. Information is not stored unless it is secured. Modification is not allowed without authorized access, and all changes are logged.
Database Encryption
Information, messages and patient files are encrypted. Encryption transforms readable text into ciphertext that cannot be read by someone who intercepts the data without the corresponding key.
Secured Admission Controls
User IDs and passwords are set up by an administrator and typically allow only one password change every 30 days. Moreover, password changes may be forced every 30 days so that someone who has observed a password being entered cannot keep using it to access secure files.
Session Timeouts
Session timeouts are typically set from within the HIPAA compliant software. Timeouts prevent information from sitting idle on a computer screen where passersby can read it. Timeouts may be set with narrow inactivity limits, such as 30 seconds or less. Longer timeouts may be allowed in clinical settings where unauthorized users have no access.
Monitoring of Server
SSL, database encryption, secured admission controls and session timeouts are crucial to the security of patient information and files, but they do not stop attackers from attempting to infiltrate a medical file system. Monitoring should be constantly in place to recognize attempts to break into the system or to “smash” the system from an outside source. Controls may also be in place to shut off access to medical information if an attacker breaches any layer of security.
BlueCamroo Moved Hosting to Microsoft Azure
In early 2018 BlueCamroo moved its hosting to Microsoft Azure, which is also HIPAA compliant. This move will enhance protection for PHI and for all other information stored in BlueCamroo.