TelemedProviders

Industry Leaders to Join 3rd OHS Forum in Kuwait


HIPAA Compliance Services & Solutions

HIPAA Compliance

This document provides information on the systems and procedures Telemed Providers has implemented to comply with HIPAA requirements.

These systems and procedures fall into three categories:

Administrative Procedures, Physical Safeguards and Technical Data Security.

Each of these categories is described briefly below:

Administrative Procedures:

This category includes systems and procedures used to guard data integrity, confidentiality, and availability. These are formal procedures for selecting and executing information security measures. These procedures also address staff responsibilities for protecting data.

HIPAA Compliance Management

Telemed Providers has established a HIPAA Compliance Management Committee consisting of the CEO and director-level managers for operations and sales.

The HIPAA Compliance Steering Committee performs internal assessments and audits, performs gap analyses, conducts training, sets policies for security and access to components, monitors the HIPAA implementation rules on an ongoing basis, and assigns activities and responsibilities to ensure compliance.

All personnel with access to customer data or customer records are required to sign a confidentiality agreement. All business partners with access to protected information must enter into a business associate agreement that requires full compliance with all HIPAA requirements and safeguards.

Physical Safeguards:

This category includes safeguards to protect physical computer systems and related buildings and equipment from intrusion as well as fire and other environmental hazards. Locks, keys, and administrative measures used to control access to computer systems and facilities are also included.

Telemed Providers servers and databases are housed in a state-of-the-art data center.

The data center facilities provide a secure, climate-controlled environment that is operational 24 hours a day, 7 days a week, 365 days a year.

The data center is physically secured and requires the use of special electronic access codes to enter. Keys are only issued to individuals authorized by the HIPAA Compliance officer.

Logs of all entry and exit from the facility are automatically maintained.

The data center facilities are equipped with climate control systems, fire detection and suppression systems, and backup UPS and generator.

Technical Data Security:

This category includes systems and procedures used to protect, control, and monitor information access, and includes processes used to prevent unauthorized access to data transmitted over a communications network. Security is addressed at all layers: physical, network, database, application, and user.

Physical Security

See previous section.

Network Security

All Telemed Providers servers and databases are located on a secured internal network that is protected by a Cisco Secure PIX Firewall (hardware firewall). This appliance holds the top ranking in performance and has built-in IPsec encryption. (More info on the PIX at http://www.cisco.com/warp/public/cc/pd/fw/sqfw500)

Database Security

Telemed Providers uses the Microsoft SQL Server 7.0 and SQL Server 2000 databases and implements the SQL Server Security Model. In summary, this model addresses security at multiple layers including securing access to the server, securing access to the database, securing access to database objects, and securing access through application roles. (More information on this security model can be found on the web at: http://www.microsoft.com/sql/techinfo/administration/70/Security.doc)

Application Security

Our Tele-consultation Video Conferencing application and other desktop applications apply 128-bit encryption to all files prior to any file transmission via the public Internet.

All use of our web application is forced to occur over the HTTPS protocol (SSL, Secure Sockets Layer) with 128-bit encryption strength. Attempts to access the application without SSL are redirected. (More information about SSL is at http://www.rsasecurity.com/standards/ssl/basics.html)

User Security & Audit Trail

Access to our PACS/RIS and Dictation/Transcription Platform is limited to registered users. Users must provide their username and password to gain entry.

A complete audit trail is maintained, including user session information. All database transactions are logged.