Healthie Technical Safeguards
HIPAA Compliance – Technical Safeguards
This document provides a high-level view of the technical safeguards in place to ensure compliance with some of the specific standards set forth by HIPAA. For details on any specific area of implementation, please contact firstname.lastname@example.org for further information.
Types of Users
A. External Users
1. Patients and clients (“patients”)
These are individuals who use the Healthie platform to see a dietitian or other healthcare professional. They may access Healthie from their home or from a clinical setting, also referred to as the originating site.
2. Clinic Managers / Administrators
These individuals are administrators, managers, nursing or other clinical staff that are associated with an originating site where patients are coming to use Healthie. These users book appointments on behalf of the patients and need to have access to select patient medical data.
3. Dietitians, nutritionists, health coaches, and other healthcare professionals (“health professionals”)
These individuals use the Healthie platform to provide care to patients / clients, or are explicitly authorized by a patient to view Healthie records (e.g., a physician). They access past patient records through Healthie and store any new medical information, clinical notes, etc., that is generated through consults on the Healthie platform.
B. Internal Healthie Users
1. Healthie Account Managers
These individuals are the liaisons to clinics, hospitals, patients, and health professionals. They have access to the Healthie platform backend and are trained to retrieve data only when needed, while respecting and maintaining patient privacy and confidentiality and complying with all the administrative safeguards in place to be HIPAA-compliant. The information these individuals can access is restricted to what is relevant to the functions they perform. All their activities on the Healthie backend are logged and auditable.
2. Healthie Technical Administrators
These individuals have complete access to the Healthie servers and backend. They can access and, if they choose, modify data. The activities of these users are logged in multiple ways. Access to this user account type is extremely restricted and is directly controlled by the CTO.
1. Access Control – Standard 164.312(a)(1)
a. User identification: All external and internal users have their own unique usernames that are tied to their email addresses, and each has a unique internal numeric user ID. The external user ID is the individual’s email address, which is easy to remember.
b. Emergency Access Procedure: Emergency situations can be classified into two kinds for safeguard purposes:
i) Medical emergencies - a situation where a patient, health professional, or clinical administrator (external users) needs a Healthie team member to access EPHI on their behalf. In such an event, an external user will be required to contact a Healthie account manager over the phone or video chat, and identify themselves. The Healthie account manager will establish and verify the user’s identity by asking them a series of questions that require knowledge of past account activity and the specific operations or environment of that user. Once identity has been verified, the account manager will be authorized to access the EPHI on the backend. The account manager will be required to document the incident and the details of their encounter by sending an email to email@example.com where it can be reviewed and accessed by internal team members for audit purposes.
ii) Technical emergencies - a situation where, due to a server failure, website downtime, or some other unforeseen technical reason, either an external user is unable to access the Healthie platform or there is an error that needs to be corrected in the data stored on the platform. In such a case, an account manager will loop in a technical administrator, who has broader access to the backend and database and can make changes or access data unavailable to an account manager. All the protocols regarding establishing and verifying identity and documenting the incident will be carried out in the same way as they are for medical emergencies.
c. Automatic Logoff - The automatic logoff time for Healthie in the web browser is 10 minutes of inactivity. Since Healthie is browser-based, users do not need to be logged off their computer system; we can force a logoff in the browser. As part of user training, users need to be reminded not to store their passwords in their browser’s autosave functionality, and to log off their computers if they do. We are unable to enforce a computer logoff feature since we do not install any software on the user’s machine. The mobile application currently does not have automatic logoff and is subject to the security standards established by the user’s phone authentication.
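As an added illustration of the browser-side inactivity logoff described above (example code, not Healthie’s own): the 10-minute limit is the one stated here; the `/logout` path and the assumption that the server also expires the session independently are mine.

```javascript
// Added example (not Healthie's code): force a browser logoff after a fixed
// period of user inactivity. The 10-minute limit matches the policy above; the
// /logout path is assumed, as is a server-side session expiry that backs this
// up, since client-side JavaScript alone cannot be relied on to end a session.
const IDLE_LIMIT_MS = 10 * 60 * 1000;
const ACTIVITY_EVENTS = ['mousemove', 'keydown', 'click', 'touchstart', 'scroll'];

class IdleLogoff {
  // `now` is injectable so the timer can be tested without waiting 10 minutes.
  constructor({ limitMs = IDLE_LIMIT_MS, now = () => Date.now(), onLogoff }) {
    this.limitMs = limitMs;
    this.now = now;
    this.onLogoff = onLogoff;
    this.lastActivity = now();
    this.loggedOff = false;
  }

  // Any user interaction resets the inactivity clock (ignored once logged off).
  touch() {
    if (!this.loggedOff) this.lastActivity = this.now();
  }

  // Returns true once the idle limit is reached; fires onLogoff exactly once.
  check() {
    if (!this.loggedOff && this.now() - this.lastActivity >= this.limitMs) {
      this.loggedOff = true;
      this.onLogoff();
    }
    return this.loggedOff;
  }

  // Wire the timer to a window-like object: reset on activity, poll each second.
  attach(win) {
    for (const ev of ACTIVITY_EVENTS) {
      win.addEventListener(ev, () => this.touch(), { passive: true });
    }
    this.intervalId = win.setInterval(() => this.check(), 1000);
  }
}

// Logoff action for a real browser: drop client-side state and hit the
// server's logout endpoint so the session is invalidated there as well.
function browserLogoff(win) {
  win.sessionStorage.clear();
  win.location.assign('/logout');
}

if (typeof window !== 'undefined') {
  new IdleLogoff({ onLogoff: () => browserLogoff(window) }).attach(window);
}
```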
2. Audit Controls – Standard 164.312(b)
Healthie uses multiple mechanisms to build and provide an audit trail for both access to and updates of all information, including EPHI. There is currently no infrastructure to bring all this data from disparate data stores together into one dashboard for review, so technical administrators must manually review the different logging outputs. In the future these data sources will be coalesced. However, we are confident that the measures in place today are sufficient to comply with §164.308(a)(1)(ii)(D). Today the following mechanisms are used to construct an audit trail:
i) SSH logs, stored for 180 days, to review low-level access to the servers by technical administrators, as well as any unauthorized attempts to access the Healthie servers
ii) SQL query logs to review any queries run directly against the database by technical administrators
iii) Platform backend activity logs to monitor all activity by account managers, technical administrators and external users on the Healthie platform
iv) Apache logs to view all web traffic activity on the Healthie website and platform
3. Integrity – Standard 164.312(c)(1)
Healthie ensures the integrity of the stored information through the following means:
a) Only logged-in users can make changes to their account information
b) Only clinical managers, specified health professionals, or patients/clients can make appointments
c) Only health professionals can enter new clinical notes
d) Any changes to EPHI by account managers in the Healthie backend are logged as per the audit trail described above
4. Person or Entity Authentication – Standard 164.312(d)
An account manager must establish and verify the identity of a user, whether the person represents themselves or an entity, through a series of questions. Healthie account managers are highly trained and have built relationships with our users from the moment users are onboarded to our platform. The vast majority of calls are from users representing entities who are already known to the account management team. However, the account managers must still ask a series of questions that draw on information from past user (or entity) activity on the Healthie platform, as well as identity questions related to the individual, in order to establish authenticity. All requests for information over the phone must be documented by emailing firstname.lastname@example.org for broader visibility to the account management and technical support team.
At the moment there is no implementation of a two-factor authentication system, although this is being considered, particularly for individual patients accessing their information from home. This two-factor system could also be used as a means of verifying authenticity over the phone.
5. Transmission Security – Standard 164.312(e)(1)
Healthie is a web and mobile-based platform, and hence all access to the platform is done over the web and mobile interfaces. This means that in order to ensure the security of data in transmission, Healthie must use the best possible security measures available. Based on industry standards, Healthie uses SSL/TLS with a 2048-bit encryption key to encrypt all data transmission between Healthie’s servers and the end user’s browsers. Users who do not have SSL/TLS enabled on their devices are unable to log on to Healthie and access any EPHI. This is the same level of security used by banks and other healthcare organizations, and we believe it adequately meets the transmission security standard.