MediFacts security covers both the physical and data aspects of security. The easiest one to handle is the physical side. The central site is behind many locked doors and off the beaten trail. Only a few people have keys. Outside doors to the facility are locked during hours of patient inactivity and doors into HIPAA protected areas are behind access controlled doors. During our site evaluation, Medifacts will advise you on the steps necessary to make your location HIPAA compliant.
In MediFacts data is made secure by controlling access to the system, assigning permissions for specific data access while using the system, terminating access to those individuals no longer employed, logging all changes to patient protected data, systemically forcing periodic password changes, using a password strength meter to force at least medium passwords for most users, verifying identity on a periodic basis or when entering certain administrative areas, sending real-time text and email alerts to the Security Officer and MediFacts administrator when certain key events are attempted on the system, logging all changes to the permissions system, encrypting all patient protected data files, logging all prints or exports from the system, requiring that the Security Officer regularly review the aforementioned logs, documenting every screen anyone on the system uses and mandating in our policies and procedures that any activity putting patient data at risk is a reportable Security Incident.
Employees are regularly reminded about HIPAA security on the initial logon page. These informational warnings are rotated on a periodic basis.
If the HIPAA required backup of your patient data fails the MediFacts Security Officer and MediFacts Administrator are notified in real time by text and email. Remediation of the problem is started.