Confidentiality:
SmartMed, LP recognizes that customers have certain
information that is confidential and must be afforded
special treatment and protection. SmartMed, LP will not
divulge, disclose, or communicate any information to a third
party. SmartMed, LP will protect the information and treat
it as strictly confidential.
Upon request, a signed confidentiality statement will be
provided to the customer for each SmartMed, LP employee
and/or representative. An employee or representative of
SmartMed, LP violating the confidentiality of protected
health information is subject to serious disciplinary action
to include termination of employment.
SmartMed, LP shall comply with all applicable laws and
regulations in maintaining the privacy and security of
health information, including but not limited to the Health
Insurance Portability and Accountability Act of 1993 (HIPAA).
Security:
SmartMed Summit was designed to comply with HIPAA
regulations and standards. Summit provides confidential and
secure remote access to protected healthcare information by
utilizing user authentication and data encryption. Summit
uses Secure Sockets Layer (SSL) to provide authenticated and
encrypted communication of protected health information. The
encryption uses a 128-bit symmetric key and 1024-bit
asymmetric key. Users are authenticated by the Summit system
using a username/password pair. Summit also assigns each
user to a role. Users can use only the system features
that their assigned role permits.
SmartMed Summit servers are housed in a commercial data
center in Houston, Texas. This facility has 24x7 on-site
security including internal and external surveillance
monitors and documented security procedures ensuring that
only authorized persons have physical access to the
computers housing the data.
The SmartMed Summit servers are protected against
denial-of-service (DoS) attacks and other forms of
unauthorized network access by both a stateful inspection
firewall and intrusion detection system.
Protected health information is stored in systems that
provide maximum uptime and access to data. This is enabled
by redundant hot-swappable hard drives, power supplies and
cooling modules. N+1 redundancy is used throughout to
support the system at full load.