
digitalCLINIC™

Security Matrix

Section & Standards

Implementation Specification (Required/Addressable)

eVero Solution Methodology

Access Control

164.312(a)(1)

Unique User Identification

(Required)

The initial access to the system is through the input of a USER ID and PASSWORD. The system will record, through an "access audit record", access attempts and indicate success/nonsuccess. Should a USER ID/PASSWORD combination fail three times in succession, the system operator terminal will receive a detailed warning message indicating a possible security problem.

Emergency Access Procedures

(Required)

Policies and procedures will be developed in the Planning Phase.

Automatic Logoff

(Addressable)

Should no activity occur for a period of time (to be determined), the system will automatically sign off the user and, in the case of dial-up access, disconnect the line. The user is then able to return to that session, in its original state, without having lost unsaved information. This allows an extended automatic logoff time, which improves convenience to the user.

Encryption and Decryption

(Addressable)

PKI allows covered entities to encrypt and decrypt information with public and private keys as it is sent over a public or private network.

Audit Controls

164.312(b)

(Required)

For every occurrence of on-line record maintenance, updates or additions, the system will create a "change audit record" indicating the date, time, USER ID, data before and data after. These audit controls would be important so that eVero (or the operating administrator) can identify suspect data access activities, assess its security program, and respond to potential weaknesses.

Integrity

164.312(c)(1)

Mechanism to Authenticate ePHI

(Addressable)

eVero Access Control allows for the protection of ePHI from improper alteration or destruction. Additionally, alerts can be automatically triggered in near real time upon detection of suspicious activities, such as attempts to damage or illegally modify critical files.

Person or Entity Authentication

164.312(d)

(Required)

Each organization would be required to implement entity authentication, which is the corroboration that an entity is who it claims to be. Authentication would be important to prevent the improper identification of an entity that is accessing secure data. The following implementation features would be used:

  • Automatic log off.
  • Unique user identification.

In addition, at least one of the following implementation features would be used:

  • A biometric identification system.
  • A password system.
  • A personal identification number (PIN).
  • Telephone callback.
  • A token system which uses a physical device for user identification.

Transmission Security

164.312(e)(1)

Integrity Controls (Addressable)

Using the public and private key encryption methodology of PKI, eVero can guard against unauthorized access to ePHI that is being transmitted over electronic communications networks.

Encryption (Addressable)

PKI allows eVero to encrypt ePHI, when appropriate, using both public and private keys.
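
The three-failures-in-succession rule from the Unique User Identification row can be checked against access audit records as in the following added example, which is not eVero's code. The record format, the function names and the sample lines are constructed assumptions.

```python
from collections import defaultdict

THRESHOLD = 3  # the page's rule: three failures in succession

# Constructed access audit records: "<timestamp> <USER ID> <SUCCESS|FAILURE>".
SAMPLE_LOG = """\
2009-03-02T08:00:01 jdoe FAILURE
2009-03-02T08:00:05 asmith FAILURE
2009-03-02T08:00:09 jdoe FAILURE
2009-03-02T08:00:12 asmith SUCCESS
2009-03-02T08:00:15 jdoe FAILURE
2009-03-02T08:00:20 asmith FAILURE
2009-03-02T08:00:25 asmith FAILURE
2009-03-02T08:00:30 jdoe FAILURE
"""


def parse_record(line):
    """Split one audit line into (timestamp, user_id, succeeded)."""
    timestamp, user_id, outcome = line.split()
    if outcome not in ("SUCCESS", "FAILURE"):
        raise ValueError(f"unknown outcome in audit record: {outcome!r}")
    return timestamp, user_id, outcome == "SUCCESS"


def operator_warnings(log_text, threshold=THRESHOLD):
    """Return (user_id, timestamp) for each streak that reaches the threshold."""
    streak = defaultdict(int)  # consecutive failures per USER ID
    warnings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, user_id, succeeded = parse_record(line)
        if succeeded:
            streak[user_id] = 0  # a success ends the succession
            continue
        streak[user_id] += 1
        # Warn once, when the streak first reaches the threshold, so a
        # sustained guessing run does not flood the operator terminal.
        if streak[user_id] == threshold:
            warnings.append((user_id, timestamp))
    return warnings


if __name__ == "__main__":
    for user_id, timestamp in operator_warnings(SAMPLE_LOG):
        print(f"WARNING {timestamp}: {THRESHOLD} failed sign-ins in succession for {user_id}")
```

Failures are counted per USER ID, so attempts by other users in between do not break a succession, while a successful sign-in by the same user does.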

2009 Copyright © eVero Corporation