HIPAA was the result of efforts by the federal government to ensure that healthcare data practices made it easy for patients to change jobs, insurance and healthcare providers. The goals and objectives of this legislation are to streamline industry inefficiencies, reduce paperwork, and make it easier to detect and prosecute fraud and abuse, while enabling workers of all professions to change jobs easily, even if they (or family members) had preexisting medical conditions.

HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, confidentiality, and availability of the information. Healthcare organizations are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both in transit and in storage).

As proposed, a HIPAA-compliant information system will need to include a combination of administrative procedures, physical safeguards, and technical measures to protect patient information while it is stored and while it is transmitted across communications networks. IDrive provides critical data security protection without compromising patient privacy and can help customers achieve HIPAA compliance.

Preventing Unauthorized Access

Unauthorized access to individually identifiable health records is strictly forbidden, so care must be taken in how records are backed up, transported offsite and accessed.

Secure Transmission

Customers’ data is encrypted and transmitted securely to a vault that resides at a world-class data center that is insured to provide data protection services.

Physical Access

Access to the vaults and the data center is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized use or disclosure of customer data.

Logical Access

Logical access to the data is strictly controlled, with a secure user interface, which provides the ability to set password policies and assign users rights to manage the backup of specific servers. More importantly, access through the web does not permit a user to view the contents of data.

Data Retention

Healthcare providers must retain health records (electronic, written and oral) for a minimum of 6 years in accordance with the HIPAA privacy final ruling. Data will remain in the IDrive vaults for as long as the client chooses to retain it. IDrive does not have access to the contents of the data files stored.