In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was signed into law. According to the act, certain procedures and security protocols were required to protect a patient and a patient’s medical files. Among those medical files are physical documentation of medical visits, computerized medical records and medical images. In accordance with HIPAA rules and regulations, medical professionals were required to maintain use of HIPAA-compliant software.
What Makes Software HIPAA-Compliant?
In a world of phishing and identity theft, hackers are always trying to steal crucial information or hack into medical databases. HIPAA-compliant software helps maintain a strong boundary between the hacker and the patient and even “knows” how to shut down if a hacker were to get too close.
Internet Server Security – The first line of defense is in-house security. Though medical professionals seek to hire trusted employees, there is always the chance someone will attempt to access data or personal medical files of a patient. With Secure Sockets Layer, no one is allowed to access information unless a secured user name and password are given to that employee. All changes are noted on a secured log and modification is limited to those with the highest level of access.
Encrypting Database Information – Without a doubt, the Internet has made passing medical information from one site to another quick and easy, but that also implies others may gain faster access to that information once passed through cyberspace. Database encryption transforms common, everyday medical terms and words into useless code that cannot be broken. Even if information is intercepted, the hacker will never make use of the encrypted data.
Admission Controls are Secured – An administrator is required to set up all new user access under HIPAA rules. This information needs to be known only by the administrator and the user. Users are unable to change passwords or login information without the administrator, and all passwords are changed every 30 days.
Timeouts to Prevent Accidental Passing of Personal Information – It is not unlikely that a nurse or medical professional will walk away from a computer after accessing a personal medical file. HIPAA-compliant software is set up with instant logout timeouts that shut down the medical file and lock access to the medical software after a short period of inactivity. Typically, timeouts are set at 30 seconds or less.
Server Monitoring – HIPAA-compliant software includes server monitoring as a last line of defense. There are multiple walls of defense between a hacker and personal medical information, but hackers are smart. Once a hacker reaches a certain point of entry, which is nowhere near the medical files, the system will shut down for all users. This prevents anyone, even medical personnel, from retrieving medical information. Once the “smash” attempt is over, access can be restored.
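The inactivity timeout, 30-day password age and logged access described in the list above, shown as an added example that is not code from this page or from any HIPAA product. The names SessionGuard, Session and the audit event strings are hypothetical, and the clock is injectable so both limits can be exercised without waiting.

```python
import time
from dataclasses import dataclass

IDLE_TIMEOUT_S = 30               # page: timeouts "30 seconds or less"
PASSWORD_MAX_AGE_S = 30 * 86400   # page: passwords changed every 30 days

@dataclass
class Session:
    user: str
    last_activity: float
    locked: bool = False

class SessionGuard:
    """Hypothetical gatekeeper: every record access passes through here."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.audit_log = []  # append-only (timestamp, user, event) entries

    def _audit(self, user, event):
        self.audit_log.append((self.clock(), user, event))

    def login(self, user, password_set_at):
        now = self.clock()
        # Refuse a login whose password is older than the rotation period.
        if now - password_set_at > PASSWORD_MAX_AGE_S:
            self._audit(user, "login_denied_password_expired")
            return None
        self._audit(user, "login")
        return Session(user, last_activity=now)

    def access_record(self, session, record_id):
        now = self.clock()
        # Lock on the first request after the idle limit; stay locked after.
        if not session.locked and now - session.last_activity > IDLE_TIMEOUT_S:
            session.locked = True
            self._audit(session.user, "idle_lock")
        if session.locked:
            self._audit(session.user, f"access_denied:{record_id}")
            return False
        session.last_activity = now
        self._audit(session.user, f"access:{record_id}")
        return True

def demo():
    t = [100 * 86400.0]  # constructed fake clock, in seconds
    guard = SessionGuard(clock=lambda: t[0])
    s = guard.login("nurse1", password_set_at=t[0] - 5 * 86400)
    first = guard.access_record(s, "chart-17")   # no idle time yet
    t[0] += 31                                   # user walks away for 31 s
    second = guard.access_record(s, "chart-17")
    stale = guard.login("nurse2", password_set_at=t[0] - 31 * 86400)
    return first, second, stale, [e for _, _, e in guard.audit_log]
```

Checking the limit on the server at each request, rather than relying on a screen lock in the client, means a forgotten workstation cannot keep a record open past the timeout.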
In the world of virtual medical information, HIPAA-compliant software keeps files, images and information safe from any and all potential intruders.