HIPPA

RadPhysics software products and services meet or exceed industry standards with respect to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Our software is designed to assist our customers in meeting HIPAA compliance standards.

Commitment

RadPhysics is committed to maintaining a secure computing environment for its customers. RadPhysics will follow all pertinent federal regulations related to information confidentiality. We have measures currently in place to safeguard customer data. These measures support our clients’ compliance with HIPAA. RadPhysics provides tools in the software products to support our customer’s HIPAA compliance.

Software Security Features

RadPhysics software systems reside on the customer’s server and are safeguarded by medical facility policies and procedures. MERP uses a relational database that employs a secure login process requiring a user name and password.  The client is responsible for safeguarding all user passwords and changing them as needed. Users are assigned to roles, each with certain access rights, which may include the ability to edit and add data or may limit access to data. When a user adds or modifies data within the database, a record is made that includes which data were changed, the user ID, and the date and time the changes were made.  This establishes an audit trail and a retrospective analysis of any change to the database that can be examined by authorized system administrators.

Remote Technology

RadPhysics remote access to customer computer networks uses a fully encrypted protocol or other methods as mutually agreed upon with the customer. Provisions for remote access to customer patient information are performed in a secure manner and in compliance with the Business Associate Agreement.

RadPhysics Facility Security

RadPhysics headquarters is located in Albuquerque, NM. Our satellite facilities are located in Seattle, WA and Atlanta, GA. Access to all facilities is limited to employees and occasional guests. All facilities are locked except during business hours. Only RadPhysics employees have keys to the premises. Employees have dedicated, password protected computers.

Regulatory Oversight

A RadPhysics manager oversees healthcare regulatory affairs including HIPAA regulations. This individual reviews the pertinent regulations, conducts RadPhysics employee training and maintains the RadPhysics HIPAA documentation. RadPhysics has policies that govern all data security matters within RadPhysics and with our customers. RadPhysics employees receive training regarding their responsibility for patient privacy under the HIPAA regulations. Our employees, consultants and advisors are all under a written confidentiality and non-disclosure agreements, the provisions of which are strictly enforced.

Business Associate Agreement

HIPAA requires health care providers to enter into "business associate" contracts with certain businesses to which they disclose patient health information. RadPhysics is prepared to comply with all provisions of the Business Associate contract as provided for in the HIPAA privacy and security rules.