HIPAA Compliance

The below information provides information on the rules & regulations InstaHeal has implemented to comply with HIPAA requirements.

These systems and procedures fall into three categories:

Administrative Procedures, Physical Safeguards and Technical Data Security. Each of these categories is described briefly below:

Administrative Procedures:

This category includes systems and procedures used to guard data integrity, confidentiality, and availability. These are formal procedures for selecting and executing information security measures. These procedures also address staff responsibilities for protecting data.

HIPAA Compliance Management

The InstaHeal HIPAA Compliance Committee performs internal assessments and audits, performs gap analyses, conducts training, sets policies for security and access to components, and monitors the HIPAA implementation rules on an ongoing basis and assigns activities and responsibilities to ensure compliance.

All personnel with access to customer data or customer records are required to sign a confidentiality agreement. All business partners with access to protected information must enter into a business associate agreement that requires full compliance with all HIPAA requirements and safeguards.

Physical Safeguards:

This category includes safeguards to protect physical computer systems and related buildings and equipment from intrusion as well as fire and other environmental hazards. The use of locks, keys, and administrative measures used to control access to computer systems and facilities are also included.

InstaHeal servers and databases are housed in a state-of-the-art data center.

The data center facilities provide a secure, climate-controlled environment that is operational 24 hours a day, 7 days a week, and 365 days a year. The data center is physically secured and requires the use of special electronic access codes to enter. Keys are only issued to individuals authorized by the HIPAA Compliance officer.

Logs of all entry and exit from the facility are automatically maintained. The data center facilities are equipped with climate control systems, fire detection and suppression systems, and backup UPS and generator.

Technical Data Security:

This category includes systems and procedures used to protect, control, and monitor information access and include processes used to prevent unauthorized access to data transmitted over a communications network. Security is addressed at all layers: physical, network, database, application, and user.

Physical Security - See above
Network Security

All InstaHeal servers and databases are located on a secured internal network that is protected by a Secure Firewall. This appliance holds the top ranking in performance and employs encryption built-in.

Database Security

InstaHeal uses the MySQL Server databases and implements the SQL Server Security Model. In summary, this model addresses security at multiple layers including securing access to the server, securing access to the database, securing access to database objects, and securing access through application roles.

Application Security

Our High Definition Video Conference solution apply 128-bit encryption to all files prior to any file transmission via the public Internet.

All use of the our web application is forced to occur using the HTTPS protocol

(SSL – secure socket layer) with 128-bit encryption strength. Attempts to access the application without SSL are redirected.

User Security & Audit Trail

Access to our system is limited to registered users. Users must provide their username and password to gain entry.

A complete audit trail is maintained including user session information. All database transactions are logged.