HIPAA privacy and security are taken very seriously, and every safeguard available to us is applied to any data we receive, regardless of whether a formal agreement exists between incrediblySmart and your facility.
The (HIPAA) Security Rule defines technical safeguards in § 164.304 as “the
technology and the policy and procedures for its use that protect electronic
protected health information and control access to it.”
How do we address the security of the files we receive?
* Data is downloaded and saved to an encrypted drive.
* Data is never commingled with data from another customer.
* The encrypted drive is protected by a 38-character password.
* If the external drive is connected without the proper software and password, it appears to be unformatted.
* The encrypted drive contains Virtual Machine Images running the required software for extraction/conversion.
* At the end of the day, the hard drive is removed and locked in a safe.
* The office doors are locked after hours, in a locked building.
* The computer is secured to the desk by a cable.
* The computer has a time-out that requires a password.
* Each virtual machine requires a password.
* The virtual machines are not open to the Internet.
* Transmitted data that contains PHI is zipped and encrypted.
* Data is typically uploaded using Box.com which provides a secure point-to-point, encrypted transfer method.