HIPAA, or the Health Insurance Portability and Accountability Act of 1995, is a set of guidelines that must be followed by any medical facility offering medical services to patients. These guidelines cover information management and medical records.
Electronic storage has meant that the software used to store electronic medical records and databases must also comply with HIPAA security standards.
HIPAA-compliant software is developed to high security standards. These software products use SSL (Secure Sockets Layer), and unauthorized users cannot access the database.
The person who accesses the database must be authorized to do so; without authorization, he cannot store, modify, or retrieve any data. The system logs users every time they access the software, providing traceability.
Access control via passwords is another security feature. Administrators can set a password for each user within the system for a period not exceeding 30 days. After that, the system prompts the user to create a new password.
If someone knows the password of an authorized user, they will not be allowed to use it. Session timeouts are a standard feature of all HIPAA-compliant software.
This stops the system from displaying data once a session has been left idle, preventing passersby from seeing what's on the screen. This protects the patients' medical records held in the database. It is difficult to hack into the system.
In addition to system security, physical security must be maintained within the premises through access control and visual supervision. The system may also have an enhanced security feature that shuts it down in the event of unauthorized entry.