Information security. How does AssistMedic conform to the HIPAA / PIPEDA requirements?

Any software like AssistMedic falls under the regulations of HIPAA, PIPEDA and other similar information protection acts and must comply with the safeguard rules established by HIPAA / PIPEDA. That is why we have taken special precautions to ensure that AssistMedic will not allow any unauthorized 3rd party to access any patient information. Some of the security features that we built into AssistMedic from the very beginning include:

  • All user interaction with our service is protected by an industrial-strength 256-bit SSL certificate.
  • Optionally, for clients that require higher levels of encryption, we set up an encrypted VPN connection.
  • The hosting server itself is protected by a firewall which prevents unauthorized access.
  • Inactive client sessions are logged out automatically after a pre-defined inactivity interval.
  • Different groups of medical staff are supported. Different user types need different access privileges. For example, doctors must be able to edit their own schedule or manage patients that are assigned to them, while managers need to manage all patients and all doctors for a given clinic. Support for fine-grained access privileges is a must for any clinic that values the security of its patient records, because this ensures that each doctor in a clinic has access only to the patients that have been assigned to him.
  • All submitted forms can be printed to a paper document or exported in order to create a HIPAA-compliant paper trail.
  • Regular data back-up is performed once every 6 hours. The data is encrypted with an asymmetric key before the back-up, which guarantees that even if someone obtains unauthorized access to the backed-up data he will not be able to decrypt and use it. The back-up is performed on the server regardless of the user settings of different business owners and doctors. This greatly increases the security and reliability of the system. A single place of server-side back-up means that there is no need for business owners or doctors to perform their own back-ups. This eliminates the risk of a business owner or doctors losing the system backup and thus patient information falling into the hands of any 3rd parties.
  • The system is completely browser-based which means that it does not require installation of any additional software on the computers of business owners or doctors. This in turn decreases total cost of ownership/service for business owners.
  • Unlike with desktop applications, there is no risk of the medical application itself being infected by viruses or damaged in some other way.

See also this page where we explain what HIPAA is and why it is important to conform to its requirements.