EZDERM SECURITY INFORMATION
Data Backup Process:
EZDERM is a cloud-based platform hosted on Amazon Web Services (AWS), the leader in cloud computing. Our servers and databases are backed up on a daily basis. For redundancy, we also take backups of backups in order to take all steps possible to prevent data loss in disaster situations. Individual users are not required to perform backups as the system has been designed to automate the backup process.
Our backups are located in multiple Amazon Availability Zones. Each Availability Zone consists of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. This helps us recover data if a single Availability Zone suffers an outage.
Encryption:
EZDERM encrypts communication via HTTPS using the latest TLS protocol, maintains HIPAA compliance, and monitors the system for data security.
Best Practices for HIPAA Security
- Don’t share your password with other users.
- Create a complex password (Secure Password Generator) that is changed regularly.
- Deactivate users who are no longer part of the practice immediately.
- Set up Access Permissions according to user roles.
- Log out of your account when not at the computer or iPad. Do not leave protected health information (PHI)* on the screen when not working on that chart.
- Provide an up-to-date training program on the handling of PHI for employees performing health plan administrative functions.
- Avoid accessing a patient’s record unless needed for work.
- Minimize the occurrences of others overhearing patient information. Do not use a patient’s whole name within hearing distance of others.
- Never email PHI. If the information cannot be sent another way, use email encryption.
- Always use a cover sheet when faxing PHI.
- Make sure computers have updated anti-virus scanning software installed. This helps guard your practice against malicious software.
*Protected Health Information (PHI) under US law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity), and can be linked to a specific individual. PHI includes:
- Patient names
- Addresses — In particular, anything more specific than the state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.
- Dates — Including birth, discharge, admittance, and death dates.
- Telephone and fax numbers
- Email addresses
- Social Security numbers
- Driver’s License information
- Medical record numbers
- Account numbers
- Health plan beneficiary numbers
- Certification/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Names of relatives
- Internet Protocol (IP) address numbers
- Biometric identifiers — including finger and voice prints.
- Full face photographic images and any comparable images.