Products: iClickCare PHI Security
Access Control and Authentication: iClickCare authentication is a login consisting of a valid email address and an encrypted (masked) password. The password is case sensitive, must consist of six (6) characters (letters and/or numbers), and can be modified only from the iClickCare for the Web login page by email confirmation.
Time-outs: iClickCare for the Web times out after thirty (30) minutes of inactivity and requires a default login to resume. iClickCare for the iPhone/iPad sessions time out after three (3) minutes of inactivity, but can be resumed using a secure 4-digit passcode (similar to the secure passcode available for iOS devices).
Role-Based Privileges: An iClickCare user can only access his/her patient visits; his/her delegated patient visits; or those patient visits assigned as part of his/her coverage and/or on-call responsibilities. iClickCare also includes a secure hierarchical list of administrative and user privileges that defines access to functions in the front-end or backend.
Security Events Tracking: iClickCare creates a log record after an administrator/user has logged in or out. The application logs the administrator changing privileges, changing groups, and adding logins; monitors user activity; logs specific changes to a patient visit record by date and time; and tracks and logs inactive session violations.
The physical server is a 2.66 GHz X3400 E5430 Quad-Core Intel Xeon, stored in a locked, climate-controlled room with highly restricted access, and is attended and monitored 24/7. In the event of a regional disaster, there is an additional backup server located several hundred miles away from the main server.
Tape backups are made nightly. An additional set of tape backups is stored off-site at an equally secure data storage facility. Each nightly tape backup includes the files for all data, the iClickCare application itself, and all configuration settings in an unaltered format.
Audit Reporting Capability: An iClickCare individual keystroke audit record can be manually restored, completely or using specific parameters, upon request. All entries are time and date stamped.
Data Integrity Assurance: iClickCare media (picture, video, PDF) files and data/messaging (text) files are maintained in a physically-secure location, safe from all unauthorized access, modification, or deletion. All data files and the iClickCare application files are kept separate.
The physical main server and backup server are both hosted at a facility that passes the rigorous requirements of medical applications and HIPAA security. The facility's policies, procedures, and equipment have been inspected and reviewed by the Joint Commission on the Accreditation of Healthcare Organizations (JCAHO) and the New York State Health Department. HIPAA compliance and security procedures are reviewed and tested on an ongoing basis.
Data Validation: Data is encrypted during transmission using 128-bit Secure Sockets Layer (SSL) technology. iClickCare uses checksum validation on all program files. If a change occurs, the program will not run.
Source Code Changes: All source code changes are rigorously tested and approved on a separate Test Server before being moved to the iClickCare Production Server. When new versions of iClickCare for the Web and/or iClickCare for the iPhone/iPad are moved into production, a formal staging process is used.