About the Client
The client chose Silicus as its partner based on our track record of successfully delivering several HIPAA compliant applications.
Silicus implemented a series of safeguards as part of the application and database re-engineering for HIPAA compliance.
Implemented policies within the application server restricting access to security logs, reports, and other security information to only authorized personnel. This included:
- Unique User Identification
- Automatic Logoff that terminates a user session after a predetermined time of inactivity
- Implemented a mechanism to encrypt and decrypt ePHI
Log retention and maintenance features were implemented. Authorized users can access raw and correlated incident logs using searchable online log data. The NLog logging platform was used to produce and manage logs for the SQL Database.
Integrity & Authentication
Implemented automated workflows to validate client ePHI against unauthorized modifications. Procedures were put in place to verify employees before granting access to electronic protected health information.
All PHI related fields in the Database were encrypted to hide patient identities.
Security measures were developed to guard against unauthorized access to data transmitted over the internet. Data in transit was encrypted by implementing SSL certificates.
Silicus implemented the required measures to make the application HIPAA compliant, protecting the client from compliance-related risks.
Every operation in the SQL DB is logged and associated with an authenticated user, ensuring no action goes unnoticed, thereby saving time and money by offloading the need for detailed, pervasive record keeping.