Security Module

HIPAA Compliance

Click to enlarge

HIPAA is an acronym for the Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191. Also known as the Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification, requiring:

• Standardized electronic data interchange improves proves efficiency in healthcare delivery.
• Setting and enforcing standards protects confidentiality and security of health data.

User Restrictions

Optimum modules are designed to comply with HIPAA with fully integrated security schemes that restrict user access and control of patient related information.

User Roles

Every authorized user is assigned a Role based on their job description. Each Role defines the areas and the related programs, functions and data that can be accessed by the user. Once a user is assigned a Role the Graphical User Interface (GUI) displays only those folders and functions the user may select.

Content of Audit Trails

The following data is recorded with each change event:

• Date, time, type, and any applicable error condition of event.
• The ID of the user who caused the event.
• The application that created the audit event.
• The application(s) responsible for executing the event.
• The component or workstation that initiated the event, and where the event happened.
• Description of the event, which may include before and after images.

Activity Review Reports

System activity logs and reports include the following system information:

• Security Incident Responses
• System user privileges granted and changes log
• User-level system access log
• User-level system activity log
• User-level transaction log report
• Exception reports

The required level of system activity logging and reporting capabilities, and the actual scope of the activity review for each risk profile can be defined based on the system's assigned security settings.