Security & Privacy
PortalPlus™ was developed from its inception as a secure and private healthcare application that must be compliant with all applicable HIPAA laws. We have taken numerous steps to ensure the security and privacy of our data. Here are just some of them:
- All communication between the end-user's computer and our server takes place over Secure Sockets Layer (SSL), which encrypts all inbound and outbound messages.
- No one can log in to PortalPlus™ without entering a unique username and password.
- Our database is isolated from all communication except our specially configured authorized software.
- Our database logs every single access to Protected Health Information by any party in PortalPlus™.
- We encrypt sensitive patient data directly in our database so that even the developers of PortalPlus™ are blind to the contents of the PortalPlus™ database.
HIPAA Compliance
There are two core elements of HIPAA legislation that must be satisfied in order to reasonably refer to a product as "HIPAA Compliant": the privacy rules enforced by the Office of Civil Rights as part of the Department of Health and Human Services, as specified in 45 CFR Parts 160 and 164; and the security rules enforced by the Center for Medicare and Medicaid Services (CMS), mostly 45 CFR 164, which further divides into physical safeguards, administrative safeguards, and technical safeguards.
In addition, the recently passed American Recovery and Reinvestment Act of 2009 added provisions that healthcare vendors ("business associates") must comply with to satisfy HIPAA; however, these edicts do not take effect until 2010.
As part of our development process for PortalPlus™ we directly studied this legislation, sought the advice of paid third-party consultants, and actively conferred with our colleagues in healthcare IT. Ultimately, we see HIPAA as a reasonable set of security precautions, and more as a beginning than an endpoint.
We are committed to protecting the security and privacy of every PortalPlus™ user.