hipaa



HIPAA Compliance at Medsoft

The purpose of HIPAA is to protect confidential healthcare information through improved security standards, and it defines certain requirements for storing patient information. It creates awareness, provides guidelines for risk analysis and training, suggests policies for audit trails and disaster recovery, and validates access control and encryption.

Physical Security at our Premises

To access Medsoft one has to pass through security checks at the entrance, and visitors are not allowed without prior appointments. All visitors are logged by name, purpose of visit, date and time. To prevent inappropriate access to our office, permitted visitors are handed an identity pass, which has to be displayed on their person at all times. As an additional security measure, floppy drives and CD-ROM drives have been removed from every workstation. Security guards patrol the premises around the clock.

Our File Management System software allows administrators to assign passwords and roles to individual users of our system. We monitor and log all employee activity on our systems. Physical access to the various departments is constantly monitored and controlled either by electronic access or by the "good old lock and key". Physical access to data servers and storage media is provided to a select few and senior management using a "double-key-safety deposit locker-system-method" to ensure a high level of security. A closed-circuit video monitoring system with security cameras is being implemented.

Electronic Data communication and Security

All communications between our office and our clients' systems are carried over VPN connections using CheckPoint, SonicWall and/or Safe-Net software, and over SSL (Secure Sockets Layer) connections using 128-bit encryption. Data communicated between our "fire-walled-Intranet" and the Internet passes through application-level secure access that ensures privacy and integrity over the Internet and protects data in transit from eavesdropping, tampering, and spoofing. Utilizing stateful packet inspection, the most effective method of packet filtering, Medsoft's local network is protected from hackers and vandals on the Internet.

Data back-up and security

Two independent ISPs with different data communication lines, one via satellite and the other through leased lines, form the backbone of our data communication. For redundancy, 5 ISDNs provide backup in the unlikely event that both our ISPs falter.

By utilizing the latest software and hardware technology along with Cisco and Nortel routers and SonicWall Internet Security Appliances, Medsoft's internal network is protected from system breaches from the "outside" by a "multiple-layered-firewall strategy". The LAN is configured with NAT (Network Address Translation), by which additional security and anonymity are achieved. Our local IPs are not visible to the outside world. With our Hacker Attack Prevention policy, attacks such as DoS (Denial of Service), Ping of Death, SYN Flood, Land Attack, and IP Spoofing are automatically detected and thwarted.

Auxiliary Power

A 75 kW diesel generator provides auxiliary back-up power with 1000-hour continuous operation capability. In the unlikely event that both the city's electricity grid and our generator systems fail, we have a tertiary uninterruptible power supply support system (UPS-30 and 5 kW) that more than adequately serves our power needs in critical circumstances.

We strive for 100% redundancy for all exigencies and extreme circumstances and have carefully planned and implemented our disaster recovery and backup programs in such a manner that we do not have a single point of failure.

Employee Hiring, Training and Background Checks

Medsoft's human resources department conducts extensive background checks on all new employees prior to our "employee confirmation process". Once confirmed, employees can log on to our systems only with valid "user authentication logons and passwords", and access is restricted. Access to server databases and sensitive information is on a "need-to-know basis" and is constantly monitored.

Other HIPAA-Related Sites

http://www.hcfa.gov/medicaid//hipaa/online/default.asp

http://www.ama-assn.org/ama/pub/category/4234.html

http://aspe.hhs.gov/admnsimp/pubsched.htm


Copyright © 2005 MedsoftUSA
Last modified: Monday March 13, 2006