HIPAA Compliance Statement
Physical Security
Security begins by ensuring that the state-of-the-art data center
is physically secure and protected from criminal acts and equipment
and utility failure. Physical security guarantees the safety of
the client data stored within RxTranscript System. Physical
security includes:
- 24 x 7 management, security and service availability
- Motion sensors, video surveillance and breach alarms
- Biometric, electronic key card and keypad access at all entry and exit points
- HVAC temperature and humidity-control systems with separate cooling zones
- Access-controlled suites with seismically braced server racks and wire mesh to prevent intrusion
- A double-walled service corridor around the perimeter of the suites to prevent electronic snooping
- No visual access to client equipment
- Raised floors and overhead cable gantry
- State-of-the-art smoke detection and waterless fire suppression systems
- Multiple fiber trunks for Internet traffic and inbound and outbound telephony
- Fully redundant UPS (uninterruptible power supply) systems on the premises
- Multiple backup diesel generators

Data Security
RxTranscript System is designed around the security and privacy of patient information as it
passes through every stage of transcription workflow from dictation, routing and transcription to
document delivery.
- We use an ICSA-certified firewall and filter on incoming ports, allowing only FTP and management ports for administrative access into our system.
- The only access to our network is through a highly secure Virtual Private Network (VPN) tunnel. Users must have a valid username and password. In addition, users must have been assigned a shared security key to gain access.
- Our network performs Network Address Translation (NAT) and addresses cannot be routed without traversing the firewall.

Internet access
- Requires a unique username and password.
- After a specified number of failed log-in attempts (determined by the client), the account is deactivated.
- After a specified period of inactivity, users are automatically logged out of the system.

Telephone access
- Unique user identification digit strings
- Logged and verified ID modifications

Network Security
- A dual configuration of high-availability firewalls provides security, packet filtering, content filtering and intrusion detection.
- Infrastructure and application changes are subject to rigorous change control procedures.
- The network is monitored proactively with sophisticated monitoring tools.
- The system includes an audit controls mechanism with alerts and management reporting.

Data Destruction
- Data retained on RxTranscript System servers is destroyed based on customer defined contractual agreements.

Data and voice transmission security
All data and voice transmission among users, third-party applications and RxTranscript System data centers is conducted through Secure Sockets Layer (SSL), a secure transmission method that uses 128-bit encryption algorithms, ensuring the privacy and the security of patient information and other personal data.
Business Continuance
Parachute Partners has a business continuance plan in the event of a fire, system failure, natural disaster, vandalism or any other situation that could interrupt operations. The platform is fully redundant and scalable with the use of leading-edge data replication technologies and disc storage solutions. These technologies include:
- Disc mirroring technology that ensures minimal or no loss of data in a catastrophic event
- Data backups and off-line media that are stored at secure off-site locations
- The electrical infrastructure at the data center that is supported by dual power feeds

Privacy:
- We are not responsible for, nor will we provide access to, any files on our system to any person other than those authorized by the originator of the dictation.
- We will not release any files directly to a patient.
- The responsibility for enabling the patients to control their health records, including access, disclosures, 'minimum necessary' standard, consent and authorization, etc., resides with the medical professional who initiated that document.