Tour

HIPAA Privacy Policy

ChARM EHR is a HIPAA compliant EHR and has stringent security and privacy practices to protect patients' health information. ChARM EHR follows strict and standardized procedures in areas of Access Controls, Network Security, Physical Security, Data Security, Application Security, Operations Security and Business Continuity. A brief overview of the processes followed in MedicalMine Inc. to ensure HIPAA compliance is given below.

Data center

ChARM EHR is a SaaS based solution hosted in "Tier 3 Plus" data centers located in California and a disaster recovery data center located in New Jersey. Our service provider is a California based company with worldwide presence.

People

We have a team of highly trained people staffing our data center. Not only are they specially trained to work in the data center, but are required to staff non-datacenter duties for a sufficient period of time to gain experience before they are permitted to work on the team. We staff sufficiently to provide 24X7 monitoring with at least 2 people on duty on any given time. MedicalMine Inc. complies with HIPAA regulations pertaining to workforce clearance.

Physical Security

Our data centers are hosted in some of the most secure facilities available today in locations that are protected from physical attacks as well as from natural disasters such as earthquakes, fire, floods, etc.

  • Our data centers are guarded by private security 24x7
  • Our data centers are monitored with night vision cameras with PTZ (pan-tilt-zoom) capabilities.
  • Only pre-authorized personnel can enter the data center and entry requires two factor authentication including a biometric system.
  • The building that houses the data center is designed to withstand security attacks.

Data Security

MedicalMine Inc. has policies to ensure compliance with the HIPAA privacy rule.

  • Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer's data to select employees, only to provide support and troubleshooting for the customer.
  • Employees are trained on HIPPA privacy and security policies.
  • Audits are regularly performed and the whole process is reviewed by the management.
  • The access is restricted on several levels and is only accessible from a very restricted, secure intranet. We log and audit every instance of permitted access to our systems. Staff are sensitized to the rigorous standards required to maintain the security and confidentiality of customer data. 99.5% of the time, access to customer data is not required to troubleshoot an issue.
  • We maintain industry-standard firewall protection for the system.
  • Our network is gated and screened by Intrusion Detection and Intrusion Prevention Systems (IDS/IPS)
  • Traffic coming into our servers are automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.
  • Suspicious traffic is scanned and logged for auditing purposes and monitored daily.
    • All nodes are scanned for viruses separately
    • Only necessary ports are opened to the external world
    • All services are monitored 24x7
    • Weekly vulnerability testing is performed

Application Security

  • The communication between your computer and our servers is encrypted using 128-bit keys. It means that if the information traveling between your computer and our servers were to be intercepted, it would be nearly impossible for anyone to make any sense out of it.
  • ChARM EHR auto-locks the UI when the application is not used for a configured time period, to prevent unauthorized access from unattended machines. ChARM EHR complies with HIPAA and the HIPAA implementing regulations pertaining to the use of automatic log-off in applications.
  • All read and write actions in ChARM EHR are logged for audit.