All ICPA software products currently meet the “required” HIPAA Privacy and Security requirements. Enhanced or “addressable” security features are included in Version 4 of each product. The following list details these enhancements.
AUTHENTICATION |
Version 3 |
Version 4 |
User Names are unique |
X |
X |
Passwords can contain combinations of alphabetic, numeric, and special characters (accept all characters on keyboard, but not unprintable characters) |
X |
X |
The password file or list is encrypted |
X |
X |
Passwords are encrypted when traveling over the network |
X |
X |
The previous 5 passwords cannot be reused (Administrator turns this On or Off) |
|
X |
Passwords used in the last XX days cannot be reused when a password is changed (Administrator controls interval XX in days) |
|
X |
The security Administrator can specify a minimum password length |
X |
X |
The security Administrator can specify password complexity. Administrator controls whether Numerals required (Y/N), Special characters required (Y/N), Upper & Lowercase required (Y/N), No common words allowed (Y/N) |
X |
X |
The security Administrator can reset passwords to a unique value |
X |
X |
Users must reset their password at initial sign in, when the password expires, and when the password is reset by an Administrator |
X |
X |
Users may change their own passwords at any time |
X |
X |
Passwords expire (must be changed) at a specific interval (Administrator sets change expriation interval) |
X |
X |
Administrators must enter both a Password and a Passphrase to sign on. Passphrases must meet the same security requirements as passwords. |
|
X |
|
|
|
AUTHORIZATION |
|
|
Program displays a banner with an OK button before the user enters their ID & password |
X |
X |
At sign-on, program tells user last time they signed on. |
X |
X |
Accounts are disabled indefinitely if they are unused for XX days (Administrator controls interval in days) |
X |
X |
Accounts are locked temporarily after a specific number of consecutive invalid access attempts |
X |
X |
Access to each screen of data and each menu function can be controlled by Administrator |
X |
X |
Access to specific files, functions, menus, and commands can be limited based on user's patient care responsibilities or job function |
|
X |
Time-out feature automatically signs user off if terminal has been left unattended for a defined period of time |
|
X |
Program prevents simultaneous log-on of same user at different workstations |
X |
X |
|
|
|
INTEGRITY |
|
|
Provides tools or reports to verify that data is complete and internally consistent |
X |
|
File and record locking is robust |
|
X |
Provides control over stored data to ensure that data is not altered or destroyed |
|
X |
|
|
|
SECURITY ADMINSTRATION & AUDIT TRAILS |
|
|
Security administration functions are separate from system operation, management, and maintenance functions |
X |
X |
Software provides maintenance tools for security Administrator |
X |
X |
Accounts may be locked/disabled by a system Administrator |
X |
X |
Accounts are disabled automatically and permanently if they are unused for some interval (Administrator sets # of days) |
X |
X |
Accounts are locked automatically but temporarily after a specific number of consecutive invalid access attempts |
X |
X |
System Administrator can bypass user access rights to access data in an emergency |
X |
X |
Provides the following security reports for Security Administrators:
Inventory of User Names and Descriptions
List of active accounts
List of User Access rights (both to data and administrative functions) |
|
X |
Security audit log records user authentication events and functions accessed including user logons, logoffs and failed logon attempts |
|
X |
Security audit log records all modifications to security settings, including creating, disabling and deleting user identification codes & passwords |
|
X |
Security audit logs stored for XX days before being purged (Administrator controls how long they are stored & can manually create archive logs at any time) |
|
X |
Provides capability to log all functions performed by a security Administrator, including adding and deleting Users and changing their access rights |
|
X |
Management reports are available for review of security logs |
|
X |
Transaction audit log records date/time, old value & new value each time a user who creates, deletes or makes manual changes to any record. |
|
X |
Provides capability to log all functions performed by a system Administrator, including Backup, Restore, and Screen Setup changes |
|
X |
Readable management reports are available for review of transaction logs |
|
X |
System has auditing capabilities for both online or batch reporting. Reports can also be exported into Word, Excel, or other leading industry tools. |
|
X |
Possible to encrypt database on server, as well as all data transmitted between client & server |
|
X |
Import & Export of data require additional authentication or specific client side software |
|
X |
|
|
|
DISASTER PREVENTION |
|
|
Provides sufficient back-up and recovery features to assure no data loss after system failure |
|
X |
Backup processes can be performed while the system is operational |
|
X |
A data archiving process is available based on system Administrator criteria (e.g. time, data type, discharge, and disposition) |
|
X |
Provides capability to protect all types of audit logs against unauthorized access, modifications, and deletions |
|
X |
Provides capability to prevent unauthorized changes to application program code |
|
X |
