Security and HIPAA Compliance
Raintree Systems HIPAA-Compliant Security Controls and Features
Encrypted security controls ensure patient confidentiality and meet federal, state and HIPAA compliance requirements.
Controlled access and usage rights for administrator-defined groups, individual users or a custom set of strict user and usage criteria.
Audit trails and reporting functionality provides a chronological record of system resource usage including user login and file access.
Utilizes standard code sets, identifiers and security when submitting medical claims electronically via the HIPAA-compliant ANSI ASC X12N standard format.
- HIPAA-compliant 128-bit encrypted remote-access security controls
- HIPAA ANSI ASC X12N-standard electronic claims and forms submission using standard code sets, identifiers and security
- Tracking, recording and reporting of logins/users, workstations, dates, times and accessed information
- Advanced features for fault-tolerant authentication and access control
HIPAA-compliant transfer of protected health information
A major concern in the healthcare industry is the security and privacy of health records and their transmission between healthcare providers. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines federally mandated guidelines that providers must follow to address issues ranging from patient confidentiality and health insurance industry reform to administrative streamlining and simplification.
Raintree Systems management software meets HIPAA compliance requirements and all existing state and federal laws and regulations relating to the transmission, storage and access of records and other client/patient data to maintain the security and confidentiality of patient information.
Relevant HIPAA Requirements and Applicable Raintree Systems Features:
| HIPAA Requirement | Description | Applicable Raintree Healthcare Management Software Feature or Option |
|---|---|---|
| Data backup and disaster recovery | Data backup: Mission-critical data must be stored/backed up simultaneously on- and off-site for a high probability of disaster survival. Disaster recovery: An organization should develop a complete plan for data backup and disaster recovery to be able to quickly recover/restore data in the event of an emergency. | Raintree’s Application Service Provider (ASP) Solution includes hosting of your organization’s data offsite with incremental and complete backups scheduled and performed on a routine basis. Data can be easily recovered from backup media and a custom disaster recovery plan can be developed upon request |
| Password management | Requires an organization to utilize multiple password checks and balances. Some examples include: the use of “strong” passwords; automatic idle-time log-offs requiring passwords to be re-entered; restricted access based on user classifications; coupling of a network login with additional application logins | Encrypted user logins and administrator-defined login and usage controls protect against unauthorized access |
| Audit Trails and Reporting | A chronological record of system resource usage that includes user login, file access and whether any security violations occurred | Tracking and reporting functionality can provide real-time access to system resource usage records – including user login and file access |
| Alarms | Devices that can sense an abnormal condition within the system and provide, either locally or remotely, a signal indicating the presence of an abnormality | Integrated rules-based scheduling triggers and alerts are included in all modules of the Raintree Systems solution |
| Electronic Communications Security | Requirements for message authentication, integrity control, access control and encryption | Raintree Systems utilizes standard code sets, identifiers and security when submitting medical claims electronically via the HIPAA-compliant ANSI ASC X12N standard format |
| Policies and Procedures | HIPAA requires the creation and maintenance of business policies and procedures that must be available for viewing by those they affect. Also requires formal training on these for all employees | Since the Raintree solution is customized for each organization’s workflow (i.e. policies and procedures), a written and/or visual summary can be posted within the application for easy access. In addition, Raintree Professional Services offer training options as well. |
About the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA outlines federally mandated guidelines that healthcare entities must follow to collect, store, secure and transmit patient information and addresses issues ranging from health insurance industry reform to administrative streamlining and simplification. The included Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) creates national standards to protect individuals’ personal health information and gives patients increased access to their medical records. The included Security and Electronic Signature Standards section outlines what a healthcare entity must address to safeguard the integrity, confidentiality and availability of all information electronically maintained or used in an electronic transmission.
Visit the following web sites for more information on HIPAA requirements, guidelines and compliance deadlines:
