All ICPA software products currently meet the “required” HIPAA Privacy and Security requirements. Enhanced or “addressable” security features are included in Version 4.x of each product. The following list details these enhancements
AUTHENTICATION |
Version 3 |
Version 4 |
User Names are unique
|
X |
X |
Passwords can contain combinations of alphabetic, numeric, and special characters (accept all characters on keyboard, but not unprintable characters)
|
X |
X |
The password file or list is encrypted. . |
X |
X |
Passwords are encrypted when traveling over the network |
X |
X |
The previous 5 passwords cannot be reused (Administrator turns this On or Off) |
|
X |
Passwords used in the last XX days cannot be reused when a password is changed (Administrator controls interval XX in days) |
|
X |
The security Administrator can specify a minimum password length |
X |
X |
The security Administrator can specify password complexity. Administrator controls whether Numerals required (Y/N), Special characters required (Y/N), Upper & Lowercase required (Y/N), No common words allowed (Y/N) |
X |
X |
The security Administrator can reset passwords to a unique value |
X |
X |
Users must reset their password at initial sign in, when the password expires, and when the password is reset by an Administrator |
X |
X |
Users may change their own passwords at any time |
X |
X |
Passwords expire (must be changed) at a specific interval (Administrator sets change expriation interval) |
X |
X |
Administrators must enter both a Password and a Passphrase to sign on. Passphrases must meet the same security requirements as passwords. |
|
X |
|
|
|
AUTHORIZATION |
|
|
Program displays a banner with an OK button before the user enters their ID & password |
X |
X |
At sign-on, program tells user last time they signed on. |
X |
X |
Accounts are disabled indefinitely if they are unused for XX days (Administrator controls interval in days) |
X |
X |
Accounts are locked temporarily after a specific number of consecutive invalid access attempts |
X |
X |
Access to each screen of data and each menu function can be controlled by Administrator |
X |
X |
Access to specific files, functions, menus, and commands can be limited based on user's patient care responsibilities or job function |
|
X |
Time-out feature automatically signs user off if terminal has been left unattended for a defined period of time |
|
X |
Program prevents simultaneous log-on of same user at different workstations |
X |
X |
|
|
|
INTEGRITY |
|
|
Provides tools or reports to verify that data is complete and internally consistent |
X |
|
File and record locking is robust |
|
X |
Provides control over stored data to ensure that data is not altered or destroyed |
|
X |
|
|
|
SECURITY ADMINSTRATION & AUDIT TRAILS |
|
|
Security administration functions are separate from system operation, management, and maintenance functions |
X |
X |
Software provides maintenance tools for security Administrator |
X |
X |
Accounts may be locked/disabled by a system Administrator |
X |
X |
Accounts are disabled automatically and permanently if they are unused for some interval (Administrator sets # of days) |
X |
X |
Accounts are locked automatically but temporarily after a specific number of consecutive invalid access attempts |
X |
X |
System Administrator can bypass user access rights to access data in an emergency |
X |
X |
Provides the following security reports for Security Administrators:
Inventory of User Names and Descriptions
List of active accounts
List of User Access rights (both to data and administrative functions)
|
|
X |
Security audit log records user authentication events and functions accessed including user logons, logoffs and failed logon attempts |
|
X |
Security audit log records all modifications to security settings, including creating, disabling and deleting user identification codes & passwords |
|
X |
Security audit logs stored for XX days before being purged (Administrator controls how long they are stored & can manually create archive logs at any time) |
|
X |
Provides capability to log all functions performed by a security Administrator, including adding and deleting Users and changing their access rights |
|
X |
Management reports are available for review of security logs |
|
X |
Transaction audit log records date/time, old value & new value each time a user who creates, deletes or makes manual changes to any record. |
|
X |
Provides capability to log all functions performed by a system Administrator, including Backup, Restore, and Screen Setup changes |
|
X |
Readable management reports are available for review of transaction logs |
|
X |
System has auditing capabilities for both online or batch reporting. Reports can also be exported into Word, Excel, or other leading industry tools. |
|
X |
Possible to encrypt database on server, as well as all data transmitted between client & server |
|
X |
Import & Export of data require additional authentication or specific client side software |
|
X |
|
|
|
DISASTER PREVENTION |
|
|
Provides sufficient back-up and recovery features to assure no data loss after system failure |
|
X |
Backup processes can be performed while the system is operational |
|
X |
A data archiving process is available based on system Administrator criteria (e.g. time, data type, discharge, and disposition) |
|
X |
Provides capability to protect all types of audit logs against unauthorized access, modifications, and deletions |
|
X |
Provides capability to prevent unauthorized changes to application program code |
|
X |
AICE® software products are in use by more
than 1,300 healthcare facilities worldwide, providing Infection
Control Professionals with easy yet powerful epidemiologic tools.
