Security

Your patient's Personal Health Information (PHI) is safe with ClickCare...

Access Control and Authentication. The user login and password may include letters, numbers, or symbols; the password is masked on the screen and must be reset after HelpDesk intervention. Final password requirements are left to the individual organization's discretion. The application locks out after 3 unsuccessful attempts.

Security and Monitoring. An administrator can access a list of authorized users and their privileges and a list of users logged in. Inactive user sessions are self-terminated after 30 minutes.

Role-Based Privileges. A user can see only his patients and those of his coverage group. There is a hierarchy of Administrators and Users with the "need to see or do" guiding the restriction. The customer can assign a local administrator to configure logins and provider privileges.

Security Events Tracking. The application creates a log record after either an administrator or a user has logged in or out. The application logs the administrator changing privileges, changing groups, adding logins, and bringing down the application. The application monitors user activity and logs specific changes to a record, with date and time. Each keystroke is logged centrally; a local administrator can elect to make their own audit log. The application tracks and logs inactive session violations. The server itself is an X3400 E5430, a Quad-Core Intel Xeon 2.66 GHz, stored in a locked, climate-controlled room with highly restricted access and is attended and monitored 24/7. Tape backups are made nightly. At least one set of tapes is always kept off-site at an equally secure storage facility. Each nightly backup includes the files for all data, the application itself, and all configuration settings in an unaltered format. In the event of a regional disaster, we have an additional backup server located several hundred miles away.

Audit Reporting Capability. Upon request, the individual keystroke audit record can be manually restored, completely or using specific parameters.

Data Integrity Assurance. Both the application's security files and data files are maintained in a physically secure location, safe from unauthorized access, modification, or deletion. The data files and the application are separated. The server is hosted at a facility that passes the rigorous requirements of medical applications and HIPAA security. The facility's policies, procedures, and equipment have been inspected and reviewed by the Joint Commission on the Accreditation of Healthcare Organizations (JCAHO) and the New York State Health Department. HIPAA compliance and security procedures are reviewed and tested on an ongoing basis. Data is encrypted during transmission using SSL technology. Records can be locked down at an interval chosen by the individual organization.

Source-Code Changes are disciplined. When new versions are moved into production, a formal staging process is used.

Your organization is provided with a Business Associates Agreement detailing the care of your patients' PHI.