“I’m sorry Dave, I’m afraid I can’t do that”
wePortal takes your security and the security of your clients very seriously. Because of this, our development team spent countless hours designing and thoroughly testing the portal to ensure that there were no cracks or leaks in its security. To help with this process, our development team has created a staging site where all new features and modules can be tested for possible security breach points before client data is ever entered. wePortal also utilizes the staging site to perform stress tests on the system as an added security measure.
Here at wePortal, we feel that electronic healthcare information protection is a detailed process and that just having policies in place to ensure security is unfortunately inadequate. So, in an effort to protect its clients’ data, wePortal routinely performs checks of its systems and its protocol to guarantee that your data and your clients’ data is protected. To help manage this process, wePortal has created a compliance tracking system to enforce the strict guidelines the wePortal team has set for the system.
Some of the steps we take while working with our hosting partner.
Trust us, they are really on top of their precautionary measures…
Encrypted Data Storage
“Behavior analysts discuss confidential information obtained in clinical or consulting relationships, or evaluative data concerning patients, individual or organizational clients, students, research participants, supervisees, and employees, only for appropriate scientific or professional purposes and only with persons clearly concerned with such matters.” Responsible Conduct (2.07 Maintaining Confidentiality. D)
HIPAA states that each user within the software ecosystem should only be able to view the “minimum necessary” information to perform his or her job. In other words, each user’s role will be defined within the software ecosystem based on the user’s role within their organization as well as which clients and client information he or she has access to. To account for this regulation, wePortal has created an advanced User Permission system which allows administrators to give, edit, and remove user access to any part of the portal.
Not only does our system have a User Permission system to account for patient-based security and access to patient records, but we have also developed a highly advanced authorization system which designates which users are able to access any client records. For example, therapists will only have access to patient records once they have been assigned an authorization within the system. Once the authorization has been removed, the subsequent access to that patient’s data will be removed as well.
What does this all mean?
What all of this means is that wePortal employs Role-Based Security measures that are in place throughout the entire wePortal ecosystem and throughout all of its modules to ensure that only authorized individuals can access client and staff member data. The authorization and permissions systems are central pieces in the compliance effort and help to ensure that HIPAA rules and regulations are upheld. And just as an added piece of security, the User Permission system is only accessible by the person designated in your organization as the super admin.
“Behavior analysts have a primary obligation and take reasonable precautions to respect the confidentiality of those with whom they work or consult.” Responsible Conduct (2.07 Maintaining Confidentiality.)
Unfortunately, email is not a secure way to send and receive protected health care information. Because of this, wePortal has developed a simple solution whereby notifications are sent through email to recipients indicating that they have a message in the portal and should log in to the software to check the message. In other words, the portal sends an email to the recipient of the message telling them that they need to log in to the portal and check the message. This keeps all sensitive information in one system by preventing it from travelling through the internet via email, where it might be nefariously intercepted.
wePortal’s internal messaging system ensures that protected healthcare information stays just that way…protected. Only users with a login and password can access messages and, just like every other part of the system, it is role-based, meaning that only authorized users (people that are supposed to be accessing that info) can access that information. The data and information never leave the protected environment of the portal.
“Behavior analysts maintain appropriate confidentiality in creating, storing, accessing, transferring, and disposing of records under their control, whether these are written, automated, or in any other medium.” Responsible Conduct (2.08 Maintaining Records.)
One of the most easily identifiable HIPAA requirements is that healthcare organizations keep a log of who did what within the software ecosystem. Fortunately, you can do all of these things. Adminlite comes complete with an Audit Trail function that allows authorized users to monitor which users performed functions within the system. The audit trail function allows users to not only identify what was viewed and at what time, but also identifies what the user changed within that area. If a file accidentally goes missing, you can figure out who accidentally deleted it and train your staff not to repeat the same mistake.
The term “security incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. As part of wePortal’s rigorous compliance protocols, organizational administrators can track any incidents that may occur within the system through our neatly organized audit trail system. Tracking incidents is a key part of your company’s compliance process, and shows evidence that your company is serious about its security compliance and protocol.