HealthPORT

HIPAA Statement
Health Insurance Portability and Accountability Act (HIPAA) Compliance Statement

As a healthcare provider, Bioanalogics HMS 1000 is committed to compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

These regulations pertain to the security, electronic data interchange and confidentiality of Client health information. As a part of its overall quality system Bioanalogics HMS 1000 has established a formal, written program for HIPAA compliance and to ensure that the "Chain of Trust" is maintained between Bioanalogics HMS 1000 and its Clients. This program undergoes regular audits to confirm that the organization meets or exceeds all applicable compliance standards and their associated deadlines.

To meet the requirements for Client data security and privacy Bioanalogics HMS 1000 employs such systems and techniques as:

  • Advanced firewall security
  • Fully alarmed physical perimeter security
  • Sophisticated data encryption algorithms
  • Password protected system access
  • Restricted visitor access
  • Virtual Private Networks (VPN)
  • Intrusion detection systems

    These mechanisms undergo routine evaluation and upgrade as technologies related to security and privacy improve.

    As it applies to our products, Bioanalogics HMS 1000 Weight Management Program, Bioanalogics HMS 1000 has will take steps to meet and far exceed standards for privacy and security. In particular, the Server is placed inside a network firewall, using 128-bit RSA public-key authentication and 128-bit Advanced Encryption Standard (AES) data encryption to insure data security and privacy in transit to Bioanalogics HMS 1000. In addition, Bioanalogics HMS 1000 constantly monitors security/virus issues for potential security risks and can provide prompt updates and Client notification to address any such issues.

    Shell Access -- Bioanalogics HMS 1000 Technical Staff
    The server can be managed using the UNIX command prompt. The command prompt can only be reached using the shell client with the SSH Transport Layer Protocol. This protocol provides between 128-bit and 256-bit encryption for all data communications and is one of the most complicated algorithms available. As an additional precaution, the login must be from a trusted computer that is kept as a short list of static IP addresses.

    Remote Database Access -- Bioanalogics HMS 1000 Technical Staff
    It is necessary to connect to the Bioanalogics HMS 1000 database from a remote database server to maintain the database and execute off-site backups of the data. The connection to this database uses the same SSH protocol as the shell access but connects on a separate port and access is managed via a separate "short list" of computers that are allowed to connect.

    Encrypted Data
    In the unlikely event that the machine is accessed by an unauthorized individual, all Client data is stored in a secure folder on the server. In addition, the format of the data is a proprietary, binary file which using a proprietary encryption method.

    In addition, the technical team constantly monitors the system logs for attempted attacks, unauthorized programs, and services. The physical location of the server at Bioanalogics HMS 1000 means that the server can be physically removed from the Internet if there is an attack on the system which cannot be immediately resolved.

    Bioanalogics HMS 1000 provides the above information to demonstrate its intent and commitment to compliance with the HIPAA regulations. If you would like more information on Bioanalogics HMS 1000 HIPAA compliance efforts, please contact the HIPAA Compliance Officer at (800) 327-7953, or via email at hipaa@healthport.net

    <<Back