About the Privacy and Security Rules Adopted Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
TeleTracking Technologies has implemented features to help customers comply with privacy and security regulations adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The primary provisions of HIPAA privacy and security regulations that are relevant to Capacity IQ® solution products and solutions are:
Privacy
Individuals have a right to expect hospitals and other covered entities under HIPAA to protect the privacy of their health information. Patients also have a right to track the uses of their health information and to limit unauthorized disclosure of health information to their employers, insurers, and others.
Health care providers should remove personal identifiers from health information where required before health information is used or disclosed.
Health care providers should limit access to health care information to the minimum necessary and to only those with a need to know.
Data Security
Records containing health information shall be created, stored, maintained, used, transmitted, collected, and disseminated in a secure environment. A secure environment is one that promotes confidentiality and integrity without compromising the availability of information.
Capacity IQ® Solution and HIPAA Features
The Capacity IQ® solution provides the following features to help covered entities comply with HIPAA:
Logs all user access to patient information.
Specific patient identification codes are only recorded if a user changes patient transport jobs or changes patient information.
Allows administrators to set parameters, such as inactivity timeout periods (time periods after which sessions will end automatically if users do not use the keyboard or mouse), the maximum number of failed login attempts that users can have before they are locked out of the applications, retention of password history, and limits on re-using previous passwords.
Provides the following reports so that access to patient and user information can be monitored.
This report . . . | Provides information about . . . |
Application Access Audit | User access to Capacity IQ® Solution applications and patient information. |
Security Modification Audit | Security modifications that users make, such as adding or editing user information, adding or editing roles and groups, and enabling administrative rights for a membership. |
Transport Job Audit | All transactions related to patient transport jobs such as adding or editing a request for a patient transport job, inquiring about a transport job over the IVR, changing the status of a patient transport job, and accepting a patient transport job over the IVR. |