Medical Office One Security

Last Updated on Saturday, 14 March 2009 18:54

HIPAA Rules

Medical practices and other health providers are required by Health Insurance Portability and Accountability Act (HIPAA) to utilize new rules sets  after October 15, 2003. With effect from April 2005, HIPAA requires that security measures to be implemented for physical security and electronically secure transfer of protected health information (PHI) from unauthorized access, retrieval, storage of the electronic data. However there is no such thing as "HIPAA compliant" software. The responsibility to be compliant rests with the medical practice. Keep in mind that the term "HIPAA Compliance" refers to a medical practice obligation and not to a software technical specification.
Two main areas affected by HIPAA are the practice’s billing software and practice management software.

Medical Office One provides the following HIPAA compliant Rules:

1. National Provider Identifier (NPI).
2. Secured access to patient’s data only to authorized personnel with:
   1. Individual authentication - individual logins and passwords
   2. Role Based Access Control
3. Auto-logoff feature. This feature will automatically log you out after the selected amount of time of inactivity.  This prevents others from reading your screen if you have left your office with the application turned on.
4. Audit trails - access to data fields tracked and recorded. The Log File keeps track of changes made to the Patient data in the program, and those changes can be viewed  and printed by opening the Audit Trail Analysis Screen.
5. The power and security features of SQL Server like Password Expiration – in how many days you want the password to expire.
6. Backup and Restore your data files through User Interface with our Utilities.
7. Locked screens with health protected informations (HPI)

Security safeguards

Medical Office One provides a  powerful -two layer- security model that allows high-level control over access to your data (user-level security) and SQL Server features. By using passwords and set of attributes that specifies what kind of access a user has to data or objects in a database (permissions), you can allow or restrict the access of users, or groups of users, to the objects in a Microsoft Access front end and SQL Server back end.  However you must always apply other appropriate safeguards, using antivirus software, taking due precautions when opening files, and maintaining a safer database environment.

In Medical Office One security setup process there are two different layers : The user - level security of Microsoft Access front end and the whole security model of the SQL Server 2005-2008.