Products: iClickCare PHI Security
Respect for patient privacy and data integrity has guided the ongoing development of iClickCare. Throughout the development of HIPAA and HITECH regulations, iClickCare development has been strongly tied to both regulation and good medical practice.
Access Control and Authentication: iClickCare authentication is a login consisting of a valid email address, and an encrypted (masked) password. The password is case sensitive; must consist of six (6) characters – letters and/or numbers; and can be modified only from the iClickCare for the Web login page by email confirmation.
Time-outs: iClickCare for the Web times out after thirty (30) minutes of inactivity and requires a default login to resume. iClickCare for the iPhone/iPad inactive sessions time out after three (3) minutes, but can be resumed using a secure 4-digit passcode (similar to the secure passcode available for iOS devices).
Role-Based Privileges: An iClickCare user can only access his/her patient visits; his/her delegated patient visits; or those patient visits assigned as part of his/her coverage and/or on-call responsibilities. iClickCare also includes a secure hierarchical list of administrative and user privileges that defines access to functions in the front-end or backend.
Security Events Tracking: iClickCare creates a log record after an administrator/user has logged in or out. The application logs the administrator changing privileges, changing groups, and adding logins; monitors user activity; logs specific changes to a patient visit record by date and time; and tracks and logs inactive session violations.
Audit Reporting Capability: An iClickCare individual keystroke audit record can be manually restored, completely or using specific parameters, upon request. All entries are time and date stamped.
Data Integrity Assurance: iClickCare media (picture, video, PDF) files and data/messaging (text) files are maintained in a physically-secure location, safe from all unauthorized access, modification, or deletion. All data files and the iClickCare application files are kept separate.
Distant backups are made nightly. Two sites, one in the Eastern US and one in the Western US, are used to support backup and disaster recovery. Each nightly tape backup includes the files for all data, the iClickCare application itself, and all configuration settings in an unaltered format.
The data is hosted on HIPAA-compliant Amazon Web Services (AWS) with appropriate safeguards and a Business Associate Agreement (BAA) in place. This ensures personnel, physical and electronic compliance.
Data Validation: Data is encrypted during transmission using 128-bit Secure Sockets Layer (SSL) technology. iClickCare uses checksum validation on all program files. If a change occurs, the program will not run.
Source Code Changes: All source code changes are rigorously tested and approved on a separate Test Server before being moved to the iClickCare Production Server. When new versions of iClickCare for the Web and/or iClickCare for the iPhone/iPad are moved into production, a formal staging process is used. Unauthorized attempts to change source code are matched against a checksum. If the checksum fails, the server is shut down.