iPatient Charge Capture, SignOut and SBAR are HIPAA compliant and meet or exceed HIPAA's Privacy and Security Rules and requirements.
Sensitive patient information is isolated and all transmissions of data (including wireless transmissions) in the system are encrypted using industry-standard 128-bit SSL/AES encryption.
Applicable breach prevention steps are taken in accordance with HIPAA requirements and relevant NIST guidelines. Fluent Medical follows all HIPAA-recommended policies, with detailed procedures documented for all known scenarios.
Fluent Medical's servers are located at secure web-hosting facilities on multiple redundant servers with an uptime of 99.9%.
Data is housed on dedicated servers in a secure, SAS 70-compliant data center, using the highest level of industry security precautions, including server firewalls and 24/7 monitoring. Locked servers are accessible only by specific designated staff, with full auditing of all access. All data is automatically backed up every 10 minutes. Data in the various installations is isolated from other users of the software.
An enterprise-level web application firewall (WAF) actively protects website and database files from sophisticated hacker attacks. Illegitimate and suspicious visitors are blocked and quarantined so they can't reach any of the stored information.
Access & Authentication
Well-defined user roles and access levels control access to data within the iPatient system. The application also models privileges per facility, ensuring that a user who does not have privileges at a particular facility cannot access personal health data pertaining to that facility.
User sessions on the workstation and mobile versions automatically time out after 2 minutes of inactivity to prevent unintentional exposure of sensitive data. System administrators can configure this timeout period to adhere to organization standards. Users are required to enter their passwords manually at every login and passwords must conform to strict conventions.
Audit & Accountability
Fluent Medical tracks users’ application access and activity, including the date, time, and IP address.
All activities are logged in real time and available for administrators to view. This includes:
- Login user name
- Time of login
- Patient records viewed by the user
- Patient records modified by the user
- Active session duration