Dataworks Development, Inc. and the Health Insurance Portability and Accountability Act (HIPAA) (8/29/08)
On February 20, 2003 the Department of Health and Human Services released Health Insurance Reform, Security Standards, and the Final Rule for 45 CFR Parts 160, 162, and 164, implementing some of the requirements of HIPAA. In order to better serve our clients, who may be described as a "covered entity" under the act, Dataworks has prepared the following statement describing our dedication to assisting with compliance issues.

Dataworks as a Business Associate

From time to time during the course of routine software maintenance it may be necessary for Dataworks to view, receive, maintain, or transmit customer data that may include electronic protected health information. HIPAA standards describe this as a "Business Associate" relationship. As such, Dataworks has implemented the appropriate security measures to protect the confidentiality, integrity, availability and viability of any customer data it comes in contact with.

Each Dataworks employee and subcontractor is required to review and sign Dataworks' Confidentiality and Non-Disclosure Policy regarding customer data, preventing them from disclosing, in any way, the content of that data. In addition, Dataworks' Standard Operating Procedure handbook delineates appropriate safeguards for viewing or manipulating customer data. Once any maintenance issues are resolved, customer data files at Dataworks are returned or destroyed. Only secure networking tools are used to transmit or view customer data. In the unlikely event a security breach is detected, Dataworks will immediately notify the customer.
Freezerworks assists with Security Standards

45 CFR Part 164 (Security and Privacy) delineates many standards for covered entities regarding the safeguarding of electronic protected health information. The Matrix for Security Standards (Appendix A to Subpart C of Part 164) lists the "required" and "addressable" implementation specifications. While ultimate responsibility for complying with these rules lies with the covered entity, Dataworks has modified its freezer inventory products to assist in this endeavor. Dataworks' line of Freezerworks products provides customers with workforce security in implementing Administrative Safeguards [Section 164.308] as well as Technical Safeguards [Section 164.312].

Freezerworks, version 5, contains a basic user identification system to assign three levels of data access: system administrator, data entry, and view only. A unique User Name and Password login, maintained by the system administrator, determines the appropriate security level.

Dataworks' more robust program, Freezerworks Unlimited, is an excellent tool for use by different disciplinary groups or projects that have different data sets but need the ability to share data. Customers can design multiple data entry screens and assign them to specific users. With the ability to hide select data from unauthorized personnel, Freezerworks Unlimited offers a higher level of system security.

Both Freezerworks products further control unwanted access to their data by encrypting stored information within the database using proprietary methods of the database engine. If users choose to export data out of Freezerworks, flat ASCII files are created, which can then be encrypted by the user with their method of choice.

The Freezerworks Unlimited client/server version offers the System Administrator a secure sockets layer (SSL) protocol requirement. When enabled, this manages the security of networking transmissions through simple object access protocol (SOAP) server settings. However, its use will slow down connections.

The Freezerworks System Administrator also has control over the Audit Trail module. This data is read-only and cannot be accessed, entered, or manipulated by any user. For every sample and aliquot data entry field that is modified, a record is created that stores the name of the user making the change, the field, the previous field entry, the new field entry, and the time and date the entry was changed. Any tampering with the data, accidental or deliberate, is monitored by this audit trail.

The System Administrator may further protect the integrity of Freezerworks data by setting edits for each User-Defined Field. These edits limit and check data entry or manipulation with choice lists, uniqueness checks, value ranges, data type checks, and other criteria.