At STOPware we prioritize HIPAA compliance by incorporating comprehensive auditing and logging features to meet regulatory guidelines. To illustrate how PassagePoint HL7 handles Protected Health Information (PHI) and Personally Identifiable Information (PII), we have outlined some of the product's key capabilities:
- Hospital has full control over what Patient Data PassagePoint would store: PassagePoint is designed to not store any HL7 message and use it to process data later. We provide configuration to the administrator to choose the data they want to store for the HL7 messages. These Action Rules to cherry pick specific data are governed by HL7 message type, a regular expression on any of the message segments and another regular expression on the value to be picked. In other words, the administrator configures PassagePoint specifying which data with an HL7 message the application will store. This capability gives full control to the Hospital to comply with HIPAA guidelines unlike other applications.
- On-premises Application Server and Database: PassagePoint is installed on-premises, and the hospital has full control over the server and the database. Hence all compliances and guidelines for PHI and PII data are controlled by the hospital. You can implement your access rules, your database access policies, among other things to keep data safe at rest.
- Extensive Auditing and Logging: We understand the auditing and logging requirements under HIPAA and hence we provide detailed audit reports as well as logging capabilities. We provide audit reports that include:
- Audit event for any Patient lookup. Such information includes search arguments used, date and time, user account used, Patient Name and ID, IP address and station name, station location among others.
- Audit events for any Patient specific report accessed where again extensive details are audited as listed on the point above.
- For non-patient records, we provide reports that provide:
- User Account Login and Log out information
- Visitor Sign In and Sign Out information
- Record modification information
- Data merge event information
- Delete operation information
- Other than this we provide a Report Center tool where you can use predefined data elements to create custom reports.
- Now for Logging, Passage Point Global maintains log files that roll over daily. These log file help trace actions and operations made in the application. We support different logging levels like Error, Info, Debug, among others where the hospital can choose the level of logging they want to enable and retain.
- Hospital IT has full control over things like system logs, invalid access to the server, Active Directory authentication, access to physical files, alerts raised by security software’s like firewalls, anti-malware software, external network connections, among others. Hence, we provide full control to apply the level of compliance hospitals want to follow.
- We also have a strong Technical Support Team that can assist the hospital with configurations, upgrades, log and audit monitoring among others to help hospitals with HIPAA compliances and system maintenance.
- We do multiple product upgrades and releases (usually 1 every quarter) where we address new security fixes, vulnerability issues, feature upgrades, among others to keep the product and technology up to date.
In an era where data security and compliance are crucial, PassagePoint HL7 stands out as a leader in healthcare data management. Our robust features, including full control over patient data, on-premises application server and database, extensive auditing and logging capabilities, and a dedicated technical support team, empower hospitals to meet and exceed HIPAA guidelines. With regular updates and a commitment to security, PassagePoint Global is the trusted partner your hospital needs to maintain the highest standards of data protection and compliance.