Security issues are addressed using the recommendations of the Healthcare Information and Management Systems Society (HIMSS) Privacy & Security Toolkit and the electronic information security standards mandated by the federal Health Insurance Portability and Accountability Act (HIPAA)*. According to the HIMSS Privacy & Security Toolkit, a complete security solution that maximizes the benefits of networked data communications must contain the following elements: user authentication, access control, encryption, physical protection, and management.

User authentication, access control, and data encryption are addressed during the application's development, while physical protection and network management have to be provided by the production environment.

User authentication and levels of access: The systems are designed for several types of end users, each with a corresponding level of access to PC data. When a user first attempts to gain access to computing resources, the user is prompted to enter his/her ID and password, which are assigned to each user in advance.

Access control: A user is able to access only the particular resource that has been granted to the user.

Encryption: We use secure Web server communication and support SSL and HTTPS authentication. All patient personal data collected in the PCCR is encrypted. Only users with the corresponding level of access are able to work with this information.