Patient Privacy Facts
The privacy of the patient's data is a paramount consideration and was a driving force in the development of our system architecture. Our security software has been designed to be compliant with HIPAA Privacy regulations that came into effect in April 2003. Our system is unique in that it empowers patients—they are in control of their data at all times. Our security is built in, using Smart Card technology coupled with our secure software architecture. Patient privacy is a top concern and we've put numerous constraints into our application to ensure that the patient data remains secure.
Below is a list of considerations that have been taken into account to ensure patient privacy:
Patient-centric
The patient owns and controls their Mobile Health Record. They are in control of their personal information and medical history at all times. Patients can even purchase a card reader to view their data at any time.
Authentication
The patient has a unique PIN, known only to them, stored on their individual Mobile Health Record; they are required to enter it to access their data. Not only must the patient have physical access to their card, they must also have their PIN for authentication.
Identification
When the patient inserts their Smart Card into the card reader, personal identification data is automatically displayed from the card (age, sex, height, weight, hair and eye color, and nationality). The provider can compare this data with the physical appearance of the patient in order to verify the patient's identification. This step, along with the authentication, presents a great leap forward in terms of fraud detection.
Layered Security
In order to see and update the patient's data on the patient's card, BOTH the patient and the health care provider MUST be authenticated. This helps ensure that not only is the patient who they claim to be, but so is the staff member.
Staff Roles
The health care provider delegates security administration to trusted employees. Our software provides different logical views of the patient data depending on the authorization roles of the employee. The clinic is responsible, though, for assigning different security roles—this task is typically delegated to the security administrator. The security administrator determines which staff members should have access to patients' cards and assigns them security roles based on their position.