Is my data secure with Artichoke?

We understand that the security of your data is very important, which is why we have architected our data storage in a way that will keep your client information safe from lurking eyes.

Since there are likely more breaches of client information offline than online, storing your data on a secure environment in the cloud can be much safer than storing it locally on hard drives and certainly more secure than paper based systems which can be misplaced or stolen.

Following are some important steps that Artichoke has taken to protect your client data online, yet make it easily accessible for you on any device:

 

Data Encryption:

Encryption basically means that if anyone were to gain access to your data, it would be unusable because it is jumbled without the key required to organize it all.  With Artichoke, your data is encrypted "at rest" and "in transit."  "At rest" refers to data that is not in use and "in transit" refers to data actively being called upon and in use.  Artichoke uses an SSL protocol for the data "in transit" which is on the list of approved protocols by HIPAA. 

NOTE: It is never safe to email or text personal health information on any device using any software.  

 

Cloud Storage vs Local Storage:

Most data security breaches don't involve highly skilled hackers accessing complex databases.  There are far more examples of fines that resulted from handwritten client notes and lap top computers with data stored on local hard drives falling into the wrong hands.  For this reason, cloud based software with the proper security credentials provides a higher level of protection than a manilla folder, serial notebook, or single computer with locally stored files.  Artichoke is a cloud based solution which requires security credentials (which you create) to access.  If you lose your phone, tablet, or laptop, no problem. You can access your data from any connected device. However, anyone else that finds or tries to use your lost device will not have access to your Artichoke account without your credentials.  Since NO CLIENT DATA IS STORED LOCALLY ON THE DEVICE using Artichoke, a lost device is an inconvenience but not a huge liability. 

TIP: Save your Artichoke credentials in a safe place and do not share them with anyone. 

 

Database Logs:

Artichoke log files are tracking all access to the servers 24/7 so that there is a full historical record which could be used for an audit or investigation if necessary.  This is just another layer of protection that can be used to monitor and protect your client data.

Read more about personal identifiers, PHI, and HIPAA here.

 

Rotating Credentials:

It's a good idea to rotate (change) your log in credentials every 30-90 days or after you've lost a device for an added layer of security.  This takes less than 60 seconds from any connected device.  

1) SETTINGS

2) MY ACCOUNT

3) PASSWORD

 

Do you know what PHI is?

Taken from the HHS web site:

Protected health information is information, including demographic information, which relates to:

  • the individual’s past, present, or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Protected health information includes many common identifiers (e.g., name, address, birth date, Social Security Number) when they can be associated with the health information listed above. 

A list of personal identifiers that combined with any of the three types of health information above constitute PHI.

(2)(i) The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed:

(A) Names

(B) All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for the initial three digits of the ZIP code if, according to the current publicly available data from the Bureau of the Census:
(1) The geographic unit formed by combining all ZIP codes with the same three initial digits contains more than 20,000 people; and
(2) The initial three digits of a ZIP code for all such geographic units containing 20,000 or fewer people is changed to 000

(C) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older

(D) Telephone numbers

(L) Vehicle identifiers and serial numbers, including license plate numbers

(E) Fax numbers

(M) Device identifiers and serial numbers

(F) Email addresses

(N) Web Universal Resource Locators (URLs)

(G) Social security numbers

(O) Internet Protocol (IP) addresses

(H) Medical record numbers

(P) Biometric identifiers, including finger and voice prints

(I) Health plan beneficiary numbers

(Q) Full-face photographs and any comparable images

(J) Account numbers

(R) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section [Paragraph (c) is presented below in the section “Re-identification”]; and

(K) Certificate/license numbers

(ii) The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk