CareLink is Built from the Ground Up for Security

CareLink Security

CareLink is designed to comply with all Security Requirements for storing and transmitting Protected Health Information. CareLink takes great care to ensure that data communicated between care facilities and our providers is submitted and stored securely.

 

Protected health information (PHI) data is transmitted to us using 256-bit encryption, and our servers have built-in security and backup features.

To ensure protection of PHI, we have built and implemented a security solution with Internet Explorer 9.0+, Secure Sockets Layer (SSL), and database-authenticated logons with encryption. This tight integration allows us to provide:

  • Control over who can access personal information
  • Security over the transmission of information
  • File integrity

CareLink HIPAA Statement (Last Updated 12/2022)

In August 1996, the Health Insurance Portability and Accountability Act (HIPAA) was signed into law. This legislation is meant to improve the portability and continuity of health benefits, to ensure greater accountability in the area of health care fraud, and to simplify the administration of health insurance.

This statement provides a summary of the policies and procedures we have implemented to help protect data sent, received, and saved by our online communication system, My Mobile Practice Manager.

My Mobile Practice Manager Administrative, Physical and Technical Safeguards

We maintain administrative actions, policies, and procedures, and provide training to our employees, regarding safeguarding data, compliance with HIPAA regulations, and the protection of protected health information (PHI).

All personnel, including independent Medical Practitioners and office staff, who require access to the CareLink system that contains PHI must satisfy a user authentication mechanism, such as a unique user identification and password, to verify their identity. PHI, including inquiries, documents, messages, fax communication, or other information sent, received, and saved on CareLink services, is protected and secure. It is only accessible by the account holder and authorized personnel for the purposes of providing patient care.

My Mobile Practice Manager discloses nonpublic personal information, including PHI, to medical service providers through access to the website. This information is disclosed to providers as a way to provide for patient treatment as allowed under HIPAA. CareLink users can limit which patient data is shared with assisting medical providers and should ensure that the PHI shared is limited only to information reasonably necessary to provide patient care.

My Mobile Practice Manager utilizes physical measures, policies, and procedures to protect electronic information systems, facilities, and equipment from natural and environmental hazards as well as unauthorized intrusion. The CareLink system is hosted in a world-class data center that includes state-of-the-art redundant electrical power, cooling, and telecommunication facilities. This data center also includes 24x7 manned security.

My Mobile Practice Manager actively monitors its network infrastructure for intrusion. Access to CareLink servers is monitored 24x7 and all access is logged. My Mobile Practice Manager requires that all accounts use unique user identification, such as a user name and password. For added security, credentials and data sent to and from customers are sent over the Internet via a secure channel using Secure Sockets Layer (SSL).

CareLink employs a Zero Trust application security model in which every user's identity must be validated before a user action can be undertaken. CareLink also enforces strong passwords and offers optional integration with Multi-Factor Authentication (MFA) capabilities as well as corporate Identity Providers (IdPs) to add additional security and access protections to our client accounts.

Application Security, Encryption, and Data Backup

When you send an inquiry, message, or other information with CareLink, your account is validated for access control. We protect the integrity of our software and of the client's hardware accessing our network. We employ leading third-party anti-virus software that scans each computer, each accessed file, and all email messages. Anti-virus software is frequently updated automatically to prevent the introduction of malicious code into our network infrastructure.

My Mobile Practice Manager uses strong encryption technology that helps to protect online data. When you connect to the CareLink system, data is encrypted at your computer and decrypted on the CareLink servers using Secure Sockets Layer (SSL) technology.

My Mobile Practice Manager uses the strongest commercially available encryption products, including 256-bit SSL Certification. When you log on to your CareLink account, a padlock icon appears in the Web browser indicating that SSL encryption is helping to protect your information.

Patient data, including inquiries, messages, and other information sent, received, and saved on CareLink services, is protected and secure. PHI is stored in an encrypted format, and patient demographic information is not stored in direct reference to patient medical information. Patient data is saved on secure systems that are behind firewalls with active intrusion monitoring and countermeasures. A limited number of My Mobile Practice Manager personnel have access to production servers, which are maintained in secure, limited-access data centers with multiple layers of physical and electronic security.

Although uncommon, a failure in the CareLink infrastructure should not significantly impact service. Redundant components and infrastructure help to ensure 99% availability of the service. Industry standard practices are followed for the backup and restoration of critical PHI data. Nightly backups are stored on a separate network from our production services to ensure the highest level of confidence in our data backup system. Data restoration processes are documented and tested in accordance with best known practices.

My Mobile Practice Manager Fax Security Measures

We provide the following features to help organizations comply with HIPAA regulations for sending and receiving fax data:

  • Physical security - CareLink fax servers are housed in secure environments, which can only be accessed by approved personnel.
  • Audit trail - our online fax service provides a full audit trail of faxes sent and received. The audit trail can be viewed only by approved personnel.
  • Encryption - fax messages are encrypted using the best available method before they are sent
  • Automatic fax removal - messages are automatically deleted upon sending and deleted within 30 days after receipt
  • User authentication - our system authenticates users with username and password, enabling you to enforce the appropriate access rights to faxes

Use of 3rd Party Applications and Contractors

My Mobile Practice Manager utilizes 3rd party applications to provide services to our customers. CareLink does not disclose specific patient PHI as it relates to patient health information, diagnosis, condition, treatment plan, payment information, or medical history. CareLink does not share explicit patient address and/or location information. The information is aggregated and transmitted so that no information shared can be linked specifically to an identified patient within a practice. CareLink takes all reasonable safeguards to ensure that data transmitted to 3rd parties is not seen by someone who is not specifically providing medical care to a patient.

My Mobile Practice Manager operations and maintenance employees and contractors may have limited access to your nonpublic personal information, including PHI, while providing products or services. These contractors include vendors and suppliers that provide technology services for the operation and maintenance of our Web site. Access to nonpublic personal information, including PHI, by these contractors is limited only to information reasonably necessary for the third party to perform its function for My Mobile Practice Manager. We also require that our contractors adhere to local, state and federal law.

My Mobile Practice Manager may use and disclose protected health information to 3rd parties and contractors for the specific purpose of assisting the treatment and health care operations associated with a patient's care as allowed by the HIPAA Privacy Rule.

In this context, treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.

The instances in which CareLink may disclose PHI for health care operations are related to the following activities: (a) quality assessment and improvement activities, including case management and care coordination; (b) business planning, development, management, and administration; and (c) business management and general administrative activities of our customers.

Annual HIPAA Risk Assessment

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a periodic risk assessment of their healthcare organization. CareLink meets this requirement by annually assessing threats and vulnerabilities of our platform as well as the risk profile of the impact of such events occurring. We maintain documented controls and policy procedures to reduce the occurrence of such risks as well as mitigate the risk of any risk event.

For questions regarding this HIPAA statement, please email us at hipaa@mymobilepracticemanager.com