HIPAA requires that you have technical safeguards, physical safeguards, and administrative safeguards. The technical safeguard requirements are access control, audit controls, integrity, authentication, and transmission security. The physical safeguard requirements are facility access controls, workstation use, workstation security, and device and media controls. The administrative safeguard requirements are a security management process, assigned security responsibility, workforce security, information access management, security awareness and training, security incident procedures, contingency plans, evaluation, and business associate contracts. We ensure that all HIPAA requirements are fulfilled.
We implement many technical safeguards to ensure that your website is compliant with HIPAA. We ensure unique user identification for every account created through your website. We have emergency access procedures for obtaining necessary electronic protected health information (ePHI) during an emergency. Our sites have an automatic logoff feature that terminates an electronic session after a predetermined period of inactivity. We encrypt all ePHI both in transit and at rest in your database. We have audit controls for hardware and software that record and examine activity in information systems that contain or use ePHI. Our sites implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. Anyone trying to log into your system is authenticated before being granted access. We have transmission security integrity controls to ensure that electronically transmitted ePHI is not improperly modified.
In order to ensure that physical safeguards are in place, we work with Google to house your data. Google guarantees that the physical databases are maintained in a manner that is compliant with HIPAA. To read more about the steps that Google takes to ensure HIPAA compliance, follow this link: https://cloud.google.com/security/compliance/hipaa/. Google will also issue you a Business Associate Agreement stating that they understand that the data you are storing is ePHI and that they will comply with all HIPAA requirements. Additionally, Redding Software will sign a Business Associate Agreement with you prior to building your site. Both Google and Redding Software ensure that there are facility access controls with contingency procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency. We implement a facility security plan with policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft. We have access control and validation procedures, maintenance records, workstation use, workstation security, device and media controls, device and media accountability, and data backup.
Redding Software also complies with all of the administrative requirements of HIPAA. We have a security management process that includes risk analysis to identify where ePHI is used and stored and to determine all the ways that HIPAA could be violated. We conduct risk management by implementing sufficient measures to reduce these risks to an appropriate level. We regularly review system activity and logs. We designate HIPAA security and privacy officers. Redding Software conducts employee oversight and implements procedures to authorize and supervise employees who work with ePHI, and for granting and removing ePHI access for employees. We also ensure that an employee's access to ePHI ends with termination of employment. Redding Software employees regularly conduct security awareness training. We have procedures for guarding against, detecting, and reporting malicious software. We have security incident procedures to respond to and report security incidents.
A SQL injection is when an attacker tries to alter your database by including SQL commands in the forms that people are able to submit on your site. At Redding Software we combat these attacks by using software that inspects all submitted data before it is uploaded. If characters that are needed to perform a SQL injection are found during the inspection, we prevent the upload from happening. Our security professionals are then alerted to the attempted attack.
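As an added illustration (not Redding Software's own code), the pre-upload scan described above written as a blacklist check, beside a parameterized query; the table, rows, surnames and the pattern list are constructed for the example. It also shows a caveat a practitioner would want: a character blacklist rejects legitimate input such as a surname containing an apostrophe, whereas parameter binding stores and queries that input safely, so the two controls complement each other.

```python
import re
import sqlite3

# Constructed list of characters and keywords a pre-upload scan might look for
# (illustrative, not the product's actual rule set).
SQL_METACHAR_PATTERN = re.compile(
    r"['\";]|--|/\*|\b(?:union|select|drop|insert|update|delete)\b",
    re.IGNORECASE,
)


def looks_like_sql_injection(value: str) -> bool:
    """Blacklist check in the spirit of the page: flag input containing SQL syntax."""
    return SQL_METACHAR_PATTERN.search(value) is not None


def open_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (no real patient data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patients (id INTEGER PRIMARY KEY, last_name TEXT, mrn TEXT)"
    )
    conn.executemany(
        "INSERT INTO patients (last_name, mrn) VALUES (?, ?)",
        [("O'Brien", "MRN-0001"), ("Smith", "MRN-0002")],
    )
    return conn


def find_by_last_name(conn: sqlite3.Connection, last_name: str) -> list:
    """Parameter binding: the input is passed as data, never spliced into SQL text,
    so any characters it contains cannot change the statement's structure."""
    rows = conn.execute(
        "SELECT mrn FROM patients WHERE last_name = ?", (last_name,)
    ).fetchall()
    return [mrn for (mrn,) in rows]


if __name__ == "__main__":
    db = open_demo_db()
    for name in ("Smith", "O'Brien"):
        print(name, "flagged by blacklist:", looks_like_sql_injection(name),
              "query result:", find_by_last_name(db, name))
```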
A brute force attack is when an attacker tries to figure out your password by trying numerous passwords until they input the right one. We combat these attacks by allowing only 10 incorrect attempts to enter a password. After the 10th attempt the password is automatically reset. A new password is then automatically generated and emailed to the client. If the client enters the correct password prior to the 10th attempt, the number of allowed attempts resets.
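The lockout policy described above, written out as an added example (not Redding Software's code): ten wrong guesses invalidate the password and generate a fresh one for the client, while a correct guess before the limit resets the counter. The password hashing, the account record and the mail queue stand-in are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field

MAX_ATTEMPTS = 10         # the page's policy: ten wrong guesses, then the password is reset
PBKDF2_ROUNDS = 100_000   # illustrative work factor for the stored password hash


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    email: str
    salt: bytes
    password_hash: bytes
    failed_attempts: int = 0
    sent_mail: list = field(default_factory=list)  # stands in for the outgoing mail queue


def create_account(email: str, password: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(email=email, salt=salt, password_hash=hash_password(password, salt))


def generate_temporary_password(length: int = 16) -> str:
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def attempt_login(account: Account, candidate: str) -> bool:
    """Check one password guess under the lockout policy; True only on success."""
    if hmac.compare_digest(hash_password(candidate, account.salt), account.password_hash):
        account.failed_attempts = 0   # correct password before the limit resets the count
        return True
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_ATTEMPTS:
        # tenth wrong guess: invalidate the old password and mail a freshly generated one
        new_password = generate_temporary_password()
        account.salt = secrets.token_bytes(16)
        account.password_hash = hash_password(new_password, account.salt)
        account.failed_attempts = 0
        account.sent_mail.append((account.email, new_password))
    return False
```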
Malware is any malicious software that is intended to harm, alter, or steal information from your system. Our systems are routinely scanned for viruses and other malicious software. We use state-of-the-art software to detect and prevent viruses from compromising your system. If a virus is detected, we can remove it without causing any damage to your data.