CISWINplus Data Security, Safety, and Redundancy.
While there are plenty of good reasons to keep your client's personal health information under lock and key and away from unwanted eyes, the Health Insurance Portability and Accountability Act (HIPPAA) mandates action on all our parts. This federal regulation addresses the security of identifiable health information. As a CISWINplus subscriber, you have the tools you need to fulfill your obligation to your clients, the law, and your own peace of mind.
Taking advantage of some of the security tools CISWINplus provides requires explicit action on the part of the software subscriber while others are built-in and require no action on your part.
Encrypted data - The data stored within the CISWINplus is only accessible by the program itself. Without the program and its encryption key that enables CISWINplus authorized users access to it, the data is rendered unidentifiable. This is constant security that you do not have to take any action on in order to benefit.
Password Protection and User Authorization - Your organization's data privacy and security policy should be your guide for who is authorized to access CISWINplus and who is not. The CISWINplus administrator is assigned the role of gate keeper for program access authorization. All counseling and nursing staff members in your organization should be included on the staff list in CISWINplus, but not everyone on the staff list is necessarily granted access to the program.
Each user with access to CISWINplus must have their own login credentials - An assigned User Name and Password. Using one username and password for the entire office is essentially an unlocked door without a key.
User names and passwords are your keys to a securely locked database of personal health information. It is your privacy and security policy and the CISWINplus administrator that control these keys. This security tool must be actively managed by the administrator to ensure that only authorized staff have access to identifiable health information of your clients. Staff members come and go, so when a staff change takes place users who are leaving the organization must be made inactive and new members must be added and their login credentials activated.
Activate and Deactivate Staff - To activate user names and passwords, go to the Settings/Staff, click the Access button. Add the staff member, or highlight on their name if they're already on the list. Check CISWINplus Login box and enter below the user name and password assignment. To deactivate a staff member, go Settings/Staff, highlight the staff name check the Inactive box. Today's date will automatically be entered, but you can set any date you choose.
Permissions - In addition to login credentials, authorized user access can be limited to a need-to-see basis. Give permission to only specific areas of the program a user needs access to. The Administrator has full access.
For example, a staff member assigned to input data should not be allowed to access Settings where other users names and passwords are stored. You may also choose to not allow them access to Analytics or to run reports thus restricting their ability export protected information in an uncontrolled fashion.
To access Permissions go to Settings/Staff, click the Access button. Find Permissions just below the Login area. Click the areas you want a user to be able to access.
Password protection and Permissions are security tools that require active management of the CISWINplus subscriber. The efficacy of these security tools is limited by how well it is managed.
Date and Time Stamped Activity - CISWINplus records the actions of its users along with a date and time stamp. Regulations require that a client can request from you a report that identifies who has accessed their personal health information. To run the report, open the Client's Record and click on the HISTORY tab, uncheck the Exclude User Activity box and click print. If you want to filter the activity by date, user, or specific case you have those options. The important action required on the subscribers part is proper management of user access, login credentials, and permissions. A single user name and password for the office will effectively make this security tool moot since it will have only recorded a single user when in fact there have been several or many and you would be hard pressed to identify who has accessed what. Furthermore, you run the risk of not being in compliance with regulations.
Third-Party Partners - Carelife Software employs certain third-party applications to enhance critical security in addition to offering excellent functionality for our users that access CISWINplus over the Internet and via the Web. In every instance you can trust that your connection over the Internet or via the web is encrypted using the highest Internet industry standards for secure connections.
Carelife Cloud and Data back-up - In addition to controlling access, it is important to ensure your data is always there for those who need access. The Carelife Cloud provides the safety and redundancy required for a well managed data storage system. We all know bad things can happen to computer equipment; we could probably share our nightmare stories of things forever lost. Hard drives can crash and files can be corrupted.
We recommend the Carelife Cloud service if you want to shift the burden of data safety and back-up away from your system and on onto ours. We use a third-party back-up service that reliably and effectively backs up all data on a daily basis. If there is any corruption of your data for any reason, we have the original going back 30 days prior to the event. If your computer becomes inoperable for any reason, your CISWINplus program is not impacted whatsoever.