Detrack Takes HIPAA Seriously
Iqbal Ghani
In 2020, cybersecurity issues have become a common struggle for businesses around the world. To successfully combat malicious actors, it is crucial for companies to make cybersecurity awareness, prevention, and security best practices part of their culture.
Detrack has been working tirelessly to ensure the company is compliant with important data protection regulations such as the GDPR, the PDPA, and the Health Insurance Portability and Accountability Act (HIPAA).
We realize that some of our customers in the pharmaceutical, medical or related industries are required to ensure the confidentiality of patient healthcare data pursuant to HIPAA. We understand the sensitivity and seriousness of keeping personal healthcare data private and secure, and Detrack will do its part to ensure that any such data is kept confidential.
Ever since the General Data Protection Regulation (GDPR) came into force in 2018, Detrack has been working with world-renowned cybersecurity firms on a regular basis to ensure the company, along with our partners and clients, is not at risk of potential breaches.
What is HIPAA?
HIPAA stands for Health Insurance Portability and Accountability Act.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
The HHS Office for Civil Rights administers the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule describes what information is protected and how protected information can be used and disclosed. The HIPAA Security Rule describes who is covered by the HIPAA privacy protections and what safeguards must be in place to ensure appropriate protection of electronic protected health information.
Here are some other definitions you can familiarize yourself with to better understand HIPAA.
The HITECH Act
HITECH Act stands for Health Information Technology for Economic and Clinical Health Act.
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 provides HHS with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange.
Protected Health Information
Protected Health Information (PHI) is any “identifiable information” in medical records, whether held in electronic, paper, or oral form. This includes test results, doctor’s notes, names, health insurance information, and much more. The Privacy Rule requires the protection of this information, which covers:
- Status of a patient health condition over a lifetime
- Healthcare services received over a lifetime
- Payment for those healthcare services
- All demographic information contained in this health info
The main takeaway for HIPAA compliance is that any company or individual that comes into contact with PHI must enact and enforce appropriate policies, procedures and safeguards to protect data.
HIPAA violations occur when there has been a failure to enact and enforce appropriate policies, procedures and safeguards, even when PHI has not been disclosed to or accessed by an unauthorized individual.
Detrack is HIPAA compliant
Detrack ensures HIPAA compliance and protects the privacy and security of customer data through the following:
- Data encryption (both at rest and in transit) on all our cloud servers
- All data are transferred over at least 256-bit SSL (TLS v1.2), providing secure encryption for all data accessed by users via web browsers and mobile apps
- 2FA secured access by Detrack account owners and users
- Restricted access to all servers
- All staff workstations (i.e. Detrack endpoints) are protected by anti-virus software and monitored by an AI-powered endpoint threat response system
- Provisioned monitoring solutions to safeguard against security threats, poor security configurations and malware attacks
- Automated data backups
- Automated virus checking
- Upon reasonable notice and during normal business hours, we allow the Secretary of the United States Department of Health and Human Services the right to audit our records and practices related to the use and disclosure of PHI to ensure compliance
- An appointed HIPAA Privacy and Security Officer who creates, maintains, reviews and enforces our HIPAA policies and procedures
- Notification of a data breach no later than 72 hours after its discovery
- All Detrack employees are required to sign and endorse the data protection policy as part of their onboarding program
- Annual Security Awareness Training for all Detrack staff
- HIPAA awareness training enforced for all staff with access to customer data
- All data is automatically purged from our database once it is 5 years old. Detrack account owners can delete their data from Detrack at any point in time.
Detrack’s commitment to privacy and security
HIPAA compliance is just one of the data protection standards we want to offer Detrack users around the world so that they can trust us with their data. We can assure you that all appropriate measures are taken to maintain HIPAA compliance.
Stay tuned for more updates regarding Security and Privacy from Detrack.
For any HIPAA-related enquiries, please contact Detrack’s HIPAA Privacy and Security Officer:
Joshua Lau (Mr.)