GET THE MOST OUT OF THE HIE’S SERVICES

Learn how HealthInfoNet can provide better, easier, and safer health data services to your organization.

Privacy & Security Practices

HealthInfoNet is dedicated to helping our communities create lasting system-wide improvements in the value of patient care.
Read about our company and meet some of our team members to learn more about how we assist Maine’s healthcare communities.

patient communications

Privacy & security practices with your healthinfonet record
Network

Network
HealthInfoNet’s network is protected by a dedicated firewall, which denies any unauthorized connection attempts and maintains logs that are actively reviewed. The network is continually protected from and monitored for potential threats. It also has an intrusion prevention system providing a second level of security in the rare case that a connection to the network is made. This system prevents hackers from getting any information off the servers and immediately alerts the HealthInfoNet security team of unknown connections.

User Accounts

User Accounts
HealthInfoNet creates and manages all user accounts for individuals who have access to the health information exchange, maintaining three levels of user access (with only clinicians and their support staff granted access to patient information). After a user has been “authorized” by HealthInfoNet, they are securely sent login information and required to change their password immediately. Passwords must be unique and can only be reset by authorized personnel who can verify the user’s identity.

data

Data
HealthInfoNet uses a secure data center monitored with 24-7 surveillance and a security card access system. All data are sent through a VPN and encrypted using SSL-256 when transmitted. Personal identifiable information is encrypted at all times and stored separately from clinical data. The HIE portal is read-only and can be entered only through encrypted connections created by HealthInfoNet. All databases use encryption of data in motion and at rest, which ensures that in the unlikely event of a breach the data would be unreadable.

Audits

Audits
HealthInfoNet audits provider activity logs on a daily basis. All users, including their staff, have a unique identifiable account to maintain secure access and audit trails. Each participating provider site can also query these logs and provide activity reports to patients at any time. HealthInfoNet also performs an annual third-party audit and bi-annual penetration test to ensure all technology has necessary security measures in place and is compliant with all privacy and security requirements.

Policies

Policies
HealthInfoNet adheres to a wide range of policies related to privacy and security areas such as personal workstation security, risk analysis, access authorization, data protection, and audit procedures. The organization also maintains policies and procedures to respond to events such as a breach or other security incidents and threats consistent with state and federal law, including notification of patients.

Click here for more information about laws and regulations enforced to keep healthcare information private and secure.