HIPAA

HIPAA (Health Insurance Portability and Accountability Act of 1996) is a regulation designed to protect confidential healthcare information through improved security standards and federal privacy legislation. It defines requirements for storing patient information before, during, and after electronic transmission. It also identifies compliance guidelines for critical business tasks such as risk analysis, awareness training, audit trails, disaster recovery plans, and information access control and encryption.

The HIPAA regulation has three main components that apply to “covered entities” (a covered entity is any provider of healthcare services that charges the government or insurance for their services):

  1. Standard Transaction Code Sets
  2. Patient Information Privacy
  3. Patient Information Security (both electronic and physical records)

Security

Worried about keeping your data housed in a separate facility? The truth is, your data is much safer when housed off-site.

Your data probably resides on your computer’s hard drive, where it is easily accessible. With Sycle, users are granted privilege levels which control access and make it impossible for an individual to access more than one patient record at a time.

Furthermore, your data is only as secure as the facility that houses it. None of us will forget the tragic hurricanes that struck the Gulf Coast and Florida in 2004 and 2005. Many businesses in the region, including hearing care practices, suffered tremendous losses. Some practices lost all of their data. But those using Sycle did not—their data is housed on redundant servers in a secure IBM facility.

Data Security

World-Class Security Infrastructure

At Sycle.net, we know that security is crucial to your practice—that is why security is our top priority. We have partnered with IBM to bring you the most secure data storage and maintenance available, and ensure that your customer data is never compromised. The result: unsurpassed security and privacy of our customers’ information. When you sign up with Sycle.net, you’ll enjoy the protection and peace of mind that only IBM’s world-class security infrastructure can provide.

Security Measures

Security measures include the following:

  • Expert team of experienced, professional engineers and security specialists
  • Round-the-clock protection of data and systems
  • Continuous deployment of proven, up-to-date firewall protection, SSL encryption, and other security technologies
  • Ongoing evaluation of emerging security developments and threats
  • Complete redundancy throughout the entire Sycle.net Online Infrastructure architecture

Physical Security: Our production equipment is collocated at an IBM Data Center that provides:

  • 24-hour physical security
  • Enforcement of fingerprint and body weight verification for all facility access
  • Solid, steel-reinforced concrete building
  • Redundant electrical generators and data center air conditioners
  • Emergency diesel generators
  • Other backup equipment designed to keep servers continually up and running

Data Encryption: Sycle.net leverages the strongest encryption products to protect customer data and communications, including 128-bit SSL certification and 2048-bit RSA public keys.

User Authentication: Users access Sycle.net only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.

Application Security: Our comprehensive application security model prevents one Sycle.net customer from accessing another’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.

Internal Systems Security: Inside the perimeter firewalls, systems are safeguarded by network high-performance web proxies, access control lists, non-routable IP addressing schemes, and more. Exact details of these features are proprietary.

Database Security: Sycle database servers are not exposed to the internet. All Sycle database servers reside on a separate private network that can only be accessed by the Sycle application. All Sycle administration is through individual, monitored administration logins.

Server Management Security: All data entered into the Sycle.net application by a customer is owned by that customer. Sycle.net employees do not have direct access to the Sycle.net production equipment, except where necessary for system management and administration, monitoring, backups and customer support at the behest of the customer.

Business Continuity and Disaster Recovery: All networking components, SSL accelerators, load balancers, web servers, and application servers are deployed in a redundant configuration. All customer data is stored on multiple database servers with full business continuity fail-over. Data is backed up nightly and stored at a secure offsite facility. In the event of catastrophic failure, data can be restored within a maximum of 24 hours.