Security issues are addressed using recommendations of the Healthcare Information and Management Systems Society (HIMSS) Privacy & Security Toolkit and the electronic information security standards mandated by the Federal Health Insurance Portability and Accountability Act (HIPAA)*. According to the HIMSS Privacy & Security Toolkit, a complete security solution that maximizes the benefits of networked data communications must contain the following elements: User authentication, Access control, Encryption, Physical protection, and Management.

User authentication, access control, and data encryption issues will be addressed during the application’s development, while physical protection and network management have to be provided by the production environment.

User authentication and Levels of access: The systems are oriented on several types of end-users, each with the corresponding level of access to PC data. Initially, when a user attempts to gain access to computing resources, the user is prompted to enter his/her ID and password, which will be preliminarily assigned to each user.

Access control: A user is able to access only the particular resource that has been granted to the user.

Encryption: We utilize secure Web server communication and support SSL and HTTPS authentication. All patient personal data collected in the PCCR is encrypted. Only the users with the corresponding level of access are able to work with this information.

 

* HIPAA
Health Insurance Portability and Accountability Act (HIPAA) was signed into federal law in 1996 Public Law 104-191. HIPAA requires the Secretary of the Department of Health and Human Services to adopt standards for electronic transactions, including data elements, standard code sets, unique health identifiers, security safeguards and privacy standards.

The primary intent and purpose of this law is to protect health insurance coverage for workers and their families when they change or lose their jobs. It was recognized that this new protection would impose additional administrative burdens on health care providers, payers and clearinghouses; and therefore, the law includes Section 262, Administrative Simplification. This section is specifically designed to reduce the administrative burden associated with the electronic transfer of health information between organizations, and more generally, to increase the efficiency and cost-effectiveness of the United States health care system. This approach accelerates the move from certain paper-based administrative and financial transactions to electronic transactions through the establishment of national standards.

 
 
PCCR Project
About Project
Security
Collaborative Registry
Statistical Models
Collaborators