Compliance

HIPAA

Is TELEMEDOX HIPAA compliant?

The Security Rule of the original HIPAA legislation permits covered entities to use EMR as a way to electronically generate, store and transmit protected health information (PHI) and requires that steps be taken to protect the data.

How do we do it?

TELEMEDOX is HIPAA compliant by virtue of the following features:

· SSL connection is strictly enforced for the entire software. This cannot be modified even by the account administrators

· Encryption is strictly enforced for all data unless the user manually over-rides it.· Messages can be viewed or downloaded only by establishing SSL connection.

· Minimum password length and complexity is enforced.· Automatic session timeout is enforced.· Data transmission from the system is encrypted.

· Data Backup: All data entered into the software is backed up in three different locations, to eliminate any loss of data due to technical failure.

· Legal archiving: Data is archived remotely for a specified length of time, up to 7 years. This data cannot be edited or deleted. As long as the user is active archived data can be viewed and downloaded.

· Emergency Access Procedure: PHI in the data can be accessed securely, through controlled access from any location via the Internet. There are also mechanisms for authorized administrative to access account data.

· Audit Controls: Audit reports of all logins to TELEMEDOX software are available to administrators. Reports include the date, time, and the IP address from which logins were made.

· HIPAA Business Associate Agreement is signed with clients if needed.