Things we do to protect patients and their information
The TouchMD software is HIPAA Compliant
TouchMD strives to keep your patient data safe. Our software complies with the standards set by HIPAA. A few of the many ways the software complies with good security standards are as follows:
- Login Timeout: When a user is logged in but inactive for a given amount of time they will be automatically logged out to prevent unauthorized access.
- Password Requirements: User passwords must meet a certain strength criteria. All accounts are required to have a password of at least 8 characters long and include one uppercase letter, one lowercase letter and a number.
- Password Storage: User passwords are hashed and uniquely salted before being stored in a database. The plain text password for a user account is never stored in a database.
- Encrypted Communication: Any sensitive server to client communication is encrypted using SSL (https), as well as most other web traffic.
- File Encryption: All patient images and documents are encrypted at rest on our servers with 256-bit Advanced Encryption Standard (AES-256).
- Patient Images & documents: Additional steps are taken to ensure access to Images of specific patients is restricted to doctors and staff of the respective patient, as well as to the individual patient them-self.
- Case Study Images: Image files uploaded to galleries that are view-able to multiple patients are automatically renamed, removing data that could be used to identify a patient in the file name itself. Additionally, these files are not linked to any specific patient in the TouchMD system.
- Privacy Statements: All e-mails sent out by the system include a privacy statement.
- Unique user accounts: We require that each doctor, staff member and patient have their own unique TouchMD user account. We strongly discourage the practice of sharing each other’s passwords and practices should discourage their patients from sharing account information with other people as well.
Your Office
Additionally your office should be trained and follow the rules of HIPAA to ensure that you handle your patient data with the care it deserves and that you are not held liable for any violation.