Security Safeguards to Protect Personal Health Information
Under PHIPA, personal health information is required to be protected against loss, theft or unauthorized use or disclosure. xwave and its CMS ASP service employees and subcontractors take reasonable steps to maintain the privacy and confidentiality of the personal health information input and stored through the CMS service.
Security safeguard measures xwave uses to protect personal health information input and stored using the CMS ASP service include:
 |
|
|
| • | threat risk assessments and system penetration testing | |
| • | password policies | |
| • | user identity verification and access controls | |
| • | tracking accesses and attempted access to patient information | |
| • | monitoring of potential and actual system security breaches | |
| • | firewalls and virus protection | |
| • | server hardening, patch management, change management and system logging and monitoring | |
| • | staff security clearance policies and procedures | |
| • | other physical, technical, operational and administrative controls and procedures |
The physician is the custodian of his/her patients' electronic information. The CMS software is designed such that access to patient information requires the use of confidential usernames and passwords, known only to the individual physician and staff he/she has authorized to have access. Each authorized user is able to see only what the physician permits them to see. Click here for more information about the physician's security responsibilities
