HIPAA
HIPAA regulations are extensive, covering all aspects of proper
handling of patient information, and the information processed
through Patient Tools falls under the privacy and security
requirements of the regulations.
Basically, HIPAA requires that information be protected from unauthorized
and illegal access, particularly in regard to identifying data
about an individual patient.
Patient Tools maintains HIPAA-compliant
security in two ways. First, we implement extensive system security
to block unauthorized access.
Second, the data within the system is de-identified, meaning that
no identifying patient information (name, SSN, etc.) is sent through
or maintained by the Patient Tools system.
To comply with HIPAA requirements, audit trails are maintained
on all transactions.
System Security
At remote locations (practice office and research study
sites), we implement user name/password restrictions and verify
PC-specific signatures.
Unauthorized access from within the healthcare organization is
prevented by termination of inactive sessions. Security is not
compromised by restricted websites being left "active"
on a PC desktop.
Different "levels" of user access are maintained, keeping
access on a "need to know" basis. Even authorized users
within the health care organization can have their access restricted
to the functionality they need to complete their jobs.
Across the Internet, extensive security measures,
from 128-bit SSL encryption to server authentication and other
precautions, guard your data.
While no system connected to the Internet is immune to a serious,
systematic attack, the multiple layers of security make the possibility
of someone gaining illegal access extremely remote, and all that
anyone would find inside the Patient Tools system is de-identified
data.