Privacy & Security Policy

(last updated 7/3/03)


General

webINR is wholly owned and run by Abington Memorial Hospital. webINR is a web-based warfarin management program that is provided to the medical community in a model known as an “Application Service Provider”, which requires the entry and storage of clinical data on our server(s). Abington Memorial Hospital is committed to maintaining the privacy and security of the information regarding clinicians and patients that is recorded and stored in the database. At no time will IDENTIFIABLE patient or clinician data be sold or given to third parties for any use. Aggregate NONIDENTIFIABLE clinical data may be used for clinical study, improvement in decision support or business decisions.


Privacy

Employees and Officers of Abington Memorial Hospital are required to keep customer information private as a condition of their employment with the company. All Abington Memorial Hospital Officers and Employees are required to sign a confidentiality statement that in the current version reads:

Internal Policy

"I am aware of the Health Insurance Portability and Accountability Act of  1996, Public Law 104-191 ("HIPAA") and regulations  promulgated thereunder by the U.S. Department of Health and Human Services (the "HIPAA Regulations").  In this Act and Regulations, I understand and agree that patient Protected Health Information (PHI) is to remain in strict confidence.   In the course of employment, should I encounter PHI, I shall not use PHI for purposes outside of the stated business purposes of Abington Memorial Hospital as required in contracts with Health Care Providers or Institutions.  Furthermore, patient identifiable information will not be released to third parties except if required by law as outlined in the HIPAA Act and Regulations.  If in the course of business, I become aware of violations in maintaining PHI confidentiality, I agree to report this breach of maintaining PHI immediately (less than 24 hours) to an Officer of Abington Memorial Hospital.  I understand that breach of maintaining the confidentiality of PHI serves as potential grounds for termination of employment and potential legal proceedings.   This agreement to maintain PHI survives my termination from a position of employment at Abington Memorial Hospital."

External Policy

Abington Memorial Hospital will sign a standard HIPAA Business Associate document as stated in the Lessee Contract and required by the HIPAA Act and Regulations.    If required by governing law or Institution, the Lessee is responsible for obtaining patient consent to store PHI on the webINR site.


Security

Abington Memorial Hospital is committed to complying with all current and future standards regarding storage and transmission of confidential patient data as required by Federal HIPAA Regulations.

Security is accomplished by the following methods:

  • The server is housed in a “state of the art”, physically secure, environmentally controlled corporate computer facility.

  • A reliable server firewall device is maintained to thwart unauthorized entry into the website server.

  • Secure user log-in is the only method to enter the site, and data is transmitted over the internet using industry-standard 128-bit encryption (https).

  • User authentication is required to enter the web site. Each user must have a unique "user name" and "password", which must be changed on the first use of the site. (Note that internet browser "Cookies" are required to maintain authentication of users while using the site; however, this data is not recorded or forwarded to any third parties.)

  • Users are automatically logged out of the site if there is no activity for 20 minutes.


Further Privacy Questions or Security Concerns?

For privacy questions or concerns about webINR, please contact Kathie Hunter, WebINR Support, Abington Memorial Hospital.

