Healthvana works with healthcare providers to give patients instant access to their personal health information. Because we serve healthcare organizations and individual patients (collectively, our “Users”), protecting our Users’ privacy and maintaining high levels of security are our greatest concerns.
In addition to upholding an industry-leading security infrastructure, Healthvana complies with the regulations provided by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH)). Our efforts to maintain these stringent security goals include the following security measures:
Healthvana maintains an audit trail and log of every individual who accessed patients’ personal health information.
In order to provide our services to Users, a limited number of Healthvana employees have access to User data. These employees are trained in confidentiality, data security processes, and HIPAA requirements, and will access personally-identified data only in order to provide or improve services offered. Every employee has agreed to keep all personal information confidential. Healthvana grants varying degrees of access to different employees, appropriate to their specific responsibilities in providing our service.
Communication between Users and Healthvana’s application server is secured by using SSL version 3.0, which uses 128-bit encryption. All data is encrypted in motion and at rest.
Healthvana takes all reasonable measures to secure User data on our servers, which are located in a secure data center. Our data center is both physically and electronically secured. Our servers are isolated from the Internet using a firewall, which is a hardware and software system that blocks access by unauthorized parties. Healthvana servers are continuously monitored by intrusion detection software. Healthvana periodically undergoes a security audit by a third party to test our security measures.
Healthvana has internal security policies that require User data to be kept private and confidential, and we will not share User data with any unauthorized party.
Direct access to User accounts through healthvana.com is controlled by a login ID and password, which Users choose and which are subject to strict login ID and password rules to minimize the chance of an unauthorized user gaining access.
Healthvana provides protection against Users accidentally leaving personal information active on a computer browser screen. The Healthvana service ends a User "session" if Users are logged in to Healthvana but have not actively used the service for a set period of time. This helps prevent others from accessing Users’ accounts when Users leave a session and forget to log out.
Healthvana uses a digital certificate issued by GoDaddy, Inc., a leading Secure Server Certification Authority. This enables Users to know that they are connected to a site operated by Healthvana and authenticated as such.
Healthvana requires callers to our support line to prove identity before providing information related to the caller's personal health information.
All electronic communications between Users and Healthvana that contain sensitive data occur via secure mechanisms provided by the application. Personal health information is never communicated by Healthvana via insecure channels such as e-mail.
We require people and entities with which we do business to obey privacy and security laws, including but not limited to HIPAA regulations.
We utilize industry-leading levels of disaster recovery, which ensure uptime by preventing outages caused by power, security, environment, fire, and natural disasters. Within these facilities, Healthvana is able to deliver the highest levels of reliability through a number of redundant subsystems, such as multiple Internet trunks coming in from multiple sources, fully redundant power on the premises, and multiple backup generators.
Healthvana employs a variety of products and technology to enhance data availability and to protect data from unauthorized modification and corruption.