Security, Privacy and HIPAA

HIPAA AND SECURITY MODEL

The mobile and web applications are designed to handle the information provided to and stored within them securely. All data exchanges between the mobile applications or web browsers and the website are encrypted. Data stored in the mobile application and on the website is secured and encrypted.

Typically, a layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within an IT environment:

1. Perimeter

2. Network

3. Host

4. Application

5. Data

 

MOBILE DEVICE SECURITY

Authentication/Authorization

Password protection

Data encryption and security

 

WEBSITE SECURITY

Authentication/Authorization

Password protection

Data protection

 

ADMINISTRATION SECURITY

Authentication/Authorization

Administrator password protection

Password change/reset

Locking an Account

Permissions

Reporting encryption

 

SMS SECURITY

No PHI is delivered in the SMS

 

EMAIL SECURITY

No PHI is delivered via Email 

 

SECURED TRANSMISSION

Data would be exchanged over the internet securely using HTTPS/SSL.  

ENCRYPTION

An SSL certificate establishes a private communication channel enabling encryption of the data during transmission. Encryption scrambles the data, essentially creating an envelope for message privacy.

Each SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it. When a Web browser points to a secured domain, a Secure Sockets Layer handshake authenticates the server (Web site) and the client (Web browser). An encryption method is established with a unique session key and secure transmission can begin. True 128-bit SSL Certificates enable every site visitor to experience the strongest SSL encryption available to them.   

 

AUTHENTICATION

Every SSL Certificate is created for a particular server in a specific domain for a verified business entity. Like a passport or a driver’s license, an SSL Certificate is issued by a trusted source, known as the Certificate Authority (CA). When the SSL handshake occurs, the browser requires authentication information from the server. If the information does not match or the certificate has expired, the browser displays an error message or warning.