Privacy & Security Practices

When sharing electronic medical information, patient privacy and data security are our highest priorities. HealthInfoNet adheres to the highest security standards available.

The HealthInfoNet network is protected by a dedicated firewall, which denies any unauthorized connection attempts and maintains logs that are actively reviewed. The network is continually protected from and monitored for potential threats. The network also has an intrusion prevention system providing a second level of security in the rare case that a connection to the network is made. This system prevents hackers from getting any information off the servers and immediately alerts HealthInfoNet’s security team of the connection.

User Accounts
HealthInfoNet creates and manages all user accounts for individuals who have access to the exchange. HealthInfoNet maintains three levels of user access, with only clinicians and their support staff granted access to patient information. After a user has been “authorized” by HealthInfoNet, they are securely sent login information and required to change their password immediately. Passwords must be unique and can only be reset by authorized personnel who can verify the user’s identity.

HealthInfoNet uses a secure data center, located in a climate-controlled facility with built-in fire and water detection and suppression systems and monitored with 24-7 surveillance and a security card access system. All data are sent through a virtual private network and encrypted using SSL 256 when transmitted from point to point. Personally identifiable information is encrypted at all times and stored separately from clinical data. The provider portal is also read-only and can be entered only through encrypted connections created by HealthInfoNet. All HealthInfoNet databases use encryption of data in motion and at rest, which ensures that in the unlikely event of a breach the data would be unreadable.

Provider activity logs are audited daily by HealthInfoNet staff. All users, including their staff, have a unique, identifiable account to maintain secure access and audit trails. Each participating provider site can also query these logs and provide activity reports to patients at any time. HealthInfoNet also performs an annual third-party audit and bi-annual penetration test to ensure all technology has necessary security measures in place and is compliant with all privacy and security requirements.

HealthInfoNet adheres to a wide range of policies covering privacy and security areas such as personal workstation security, risk analysis, access authorization, data protection and audit procedures. The organization also maintains policies and procedures to respond to events such as a breach or other security incidents and threats, consistent with state and federal law, including notification of patients.
