The Health Insurance Portability and Accountability Act (HIPAA) addresses the security and privacy of patient health care data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system. While HIPAA oversight does not specifically apply to dental practice management systems, Dentisoft has nevertheless used HIPAA standards as the requirements for its employed security layers (virtual and physical). These layers of security form a foundation of safety for Dentisoft users which is far in excess of the actual HIPAA requirements.
HIPAA outlines several specifications for Administrative, Physical and Technical safeguards that must be implemented where critical and/or sensitive patient health related information or Protected Health Information (PHI) is involved, for example:
According to HIPAA standards, covered entities must have a contingency plan, and: "Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information." (HIPAA, Section 164.308(a)(7)(i)).
Dentisoft protects its healthcare industry customers against physical systems damage by storing backed-up records offsite, in multiple Amazon data centers. Even complete destruction of the healthcare provider's facility would not result in the loss of patient records.
Another HIPAA standard requires covered entities to: "Allow access only to those persons or software programs that have been granted access right."(Section 164.312(a)(2)(1)). Furthermore, covered entities must: "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network." (Section 164.312(e)(1)). These provisions also require that backups be encrypted to control access to the data, and that the encryption occurs before any data has been transmitted from a computer to its backup location.
Dentisoft protects backup files with 256 bit AES encryption (adopted as an encryption standard by the U.S. government) before they ever leave our production machines. Backup files are protected during transmission with Dentisoft's 256 bit SSL encryption layer. (Section 164.312(e)(I)) All access to backed-up data requires unique user authentication, and no passwords are stored in clear text. In fact encryption and compression of data occurs "on-the-fly" (rather than begin stored first).