Why Us


The ClearDATA Advantage

Managing today's healthcare technology requires an in-depth understanding of complex regulations, policies and procedures as well as the practical challenges faced by today's leading providers. ClearDATA focuses its efforts on primary areas critical to HIPAA Privacy and Security rules: Training, Risk Assessment, Data Encryption, Access Control, Audit Controls, and Backup / Disaster Recovery. We design each product, service and procedure from those standards and ensure that all employees are trained extensively on HIPAA standards. Our commitment is to be your trusted partner on HIPAA data security regulations and compliance. To earn that trust, we have established quality principles including:

Security Awareness Training of Workforce

ClearDATA's Chief Privacy and Data Security Officer maintains HIPAA and security-related activities within the company. His team provides internal training to sustain awareness of HIPAA regulations. Every individual, including managers, receives training on a regular basis. Training mirrors policies ranging from information security to incident reporting to practical safeguards such as data retention.

Risk Assessment

We have trained and certified consultants that provide Security Risk Analyses that satisfy the HITECH CORE Measurement 15. An effective risk analysis and remediation plan provides a review of your current status and steps toward total compliance. We can develop policies and procedures manuals and train your staff on how to maintain a secure and private environment.

Encryption Technologies

We offer an optional on-premises dual connection router to ensure no disruption to Internet connectivity, providing 100% uptime of the hosted application. Data is encrypted in motion and at rest at the disk level. We establish a Virtual Private Network (VPN) "tunnel" between the provider and the data center. We provide dedicated firewall support with enhanced security rules for Secure Shell (SSH) and Remote Desktop connections. Operating systems and supported applications are hardened and kept up to date. To maintain regulatory compliance, data is completely destroyed before electronic media is reused or discarded.

Access Controls

ClearDATA has very strict policies and procedures that define the roles and rights of an employee to access servers, applications and data, including supervisors who grant, modify or remove access to records. We block, log, and send alerts on unauthorized access attempts. ClearDATA consultants also engage with clients to develop and implement their own network usage policies.

Audit Control

We utilize procedural audit mechanisms through every aspect of the solutions we put in place. We monitor and provide comprehensive reporting on user authentication, user access, what files or records were accessed and for how long. We assist our clients in inventorying all electronic Personal Health Information (ePHI) that they create, receive, maintain or transmit for auditability in the "chain of custody."

Backup and Disaster Recovery

We put in place Backup and Disaster Recovery plans so clients can continue operations in the event of a disaster. The plans include designating the business continuity team that keeps the business going, recovering lost data, testing backup procedures and replacing equipment as required. We manage the backup and restore services and mirroring for high availability, and provide off-site redundant backup to ensure persistent data availability.

Incident Response

Our policies and procedures include incident response: step-by-step procedures dictating how to respond to specific kinds of incidents. The Chief Privacy and Data Security Officer and his team work with management to assess risk (probability of the risk multiplied by consequence) and develop the best responses. We put in place processes to document incident history to continuously improve incident response.

Business Associates Agreement

According to the Department of Health and Human Services (DHHS), a "business associate" (BA) is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a Covered Entity (CE). The Privacy Rule lists the functions or activities, as well as the particular services that classify a person or entity as a BA, including payment or health care operations activities, as well as other functions or activities regulated by the Administrative Simplification Rules.

ClearDATA's cloud hosting services systematically become part of the data "chain of custody" through data storage, which classifies us as a Business Associate. We provide a Business Associates Agreement to the Covered Entity as required to help protect our clients from unnecessary liability.
