Is my data secure with Artichoke? HIPAA Compliance

Artichoke is HIPAA compliant through a partnership with an industry leader who has a singular focus in the area of HIPAA data security. Would you feel better knowing that your client data is secure enough to meet the highest industry standards for health care providers? Is it worth the risk not to?

We understand that the security of your data is very important, which is why we have architected our data storage in a way that keeps your client information safe from prying eyes. Artichoke has also partnered with a leader in HIPAA data security compliance, ClearData.

Since there are likely more breaches of client information offline than online, storing your data in a secure environment in the cloud can be much safer than storing it locally on hard drives, and certainly more secure than paper-based systems, which can be misplaced or stolen.

Following are some important steps that Artichoke has taken to protect your client data online, yet make it easily accessible for you on any device:

 

Data Encryption:

Encryption means that if anyone were to gain access to your data, it would be unusable, because it is jumbled and cannot be put back in order without the required key. With Artichoke, your data is encrypted "at rest" and "in transit." "At rest" refers to data that is not in use, and "in transit" refers to data actively being called upon and in use. For data "in transit," Artichoke uses an SSL protocol, which is on the list of protocols approved by HIPAA.

NOTE: It is never safe to email or text personal health information on any device using any software.  

 

Cloud Storage vs Local Storage:

Most data security breaches don't involve highly skilled hackers accessing complex databases. There are far more examples of fines that resulted from handwritten client notes, and laptop computers with data stored on local hard drives, falling into the wrong hands. For this reason, cloud-based software with the proper security credentials provides a higher level of protection than a manila folder, spiral notebook, or single computer with locally stored files. Artichoke is a cloud-based solution which requires security credentials (which you create) to access. If you lose your phone, tablet, or laptop, no problem. You can access your data from any connected device. However, anyone else who finds or tries to use your lost device will not have access to your Artichoke account without your credentials. Since NO CLIENT DATA IS STORED LOCALLY ON THE DEVICE using Artichoke, a lost device is an inconvenience but not a huge liability.

TIP: Save your Artichoke credentials in a safe place and do not share them with anyone. 

 

Database Logs:

Artichoke log files track all access to the servers 24/7, so there is a full historical record which could be used for an audit or investigation if necessary. This is another layer of protection that can be used to monitor and protect your client data.

Read more about personal identifiers, PHI, and HIPAA here.

 

Rotating Credentials:

It's a good idea to rotate (change) your login credentials every 30-90 days, or after you've lost a device, for an added layer of security. This takes less than 60 seconds from any connected device.

1) SETTINGS

2) MY ACCOUNT

3) PASSWORD

 

Do you know what PHI is?

Taken from the HHS web site:

Protected health information is information, including demographic information, which relates to:

  • the individual’s past, present, or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Protected health information includes many common identifiers (e.g., name, address, birth date, Social Security Number) when they can be associated with the health information listed above.

The following is a list of personal identifiers that, combined with any of the three types of health information above, constitute PHI.

(2)(i) The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed:

(A) Names

(B) All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for the initial three digits of the ZIP code if, according to the current publicly available data from the Bureau of the Census:
(1) The geographic unit formed by combining all ZIP codes with the same three initial digits contains more than 20,000 people; and
(2) The initial three digits of a ZIP code for all such geographic units containing 20,000 or fewer people is changed to 000

(C) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older

(D) Telephone numbers

(E) Fax numbers

(F) Email addresses

(G) Social security numbers

(H) Medical record numbers

(I) Health plan beneficiary numbers

(J) Account numbers

(K) Certificate/license numbers

(L) Vehicle identifiers and serial numbers, including license plate numbers

(M) Device identifiers and serial numbers

(N) Web Universal Resource Locators (URLs)

(O) Internet Protocol (IP) addresses

(P) Biometric identifiers, including finger and voice prints

(Q) Full-face photographs and any comparable images

(R) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section [Paragraph (c) is presented below in the section “Re-identification”]; and

(ii) The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.

 

Our HIPAA Data Security Partner:
Artichoke has partnered with industry leader ClearData to ensure that the highest standards of HIPAA compliance are met.

The ClearDATA platform is designed for today’s and future healthcare and life sciences compliance needs. The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built Compliance Safeguards, DevOps Automation, and Healthcare Expertise.

ClearData solutions solve the three fundamental challenges in Healthcare and Life Sciences:

  • Securing and protecting sensitive data

  • Deploying Automation for speed and agility

  • Interpreting healthcare and life sciences for the cloud

ClearData is the only healthcare-exclusive cloud provider with unmatched healthcare expertise.

  • HITRUST Certified, the healthcare industry's gold standard for measuring compliance and security.

  • HIPAA compliant, backed by the industry's most comprehensive BAA.

  • Advanced PHI security, protecting your patient's privacy and your reputation.

  • 24/7 "healthcare critical" support, skilled support technicians providing rapid resolutions.

 
