Privacy & Security Policy

(last updated 7/3/03)


General

webINR is wholly owned and run by Prismedic, Inc. webINR is a web-based warfarin management program that is provided to the medical community in a model known as an “Application Service Provider”, which requires the entry and storage of clinical data on our server(s). Prismedic, Inc. is committed to maintaining the privacy and security of the information regarding clinicians and patients that is recorded and stored in the database. At no time will IDENTIFIABLE patient or clinician data be sold or given to third parties for any use. Aggregate NONIDENTIFIABLE clinical data may be used for clinical study, improvement in decision support or business decisions.


Privacy

Employees and Officers of Prismedic, Inc. are required to keep customer information private, as a condition of their employment with the company. All Prismedic Officers and Employees are required to sign a confidentiality statement that in the current version reads:

Internal Policy

“I am aware of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”) and regulations promulgated thereunder by the U.S. Department of Health and Human Services (the “HIPAA Regulations”). In this Act and Regulations, I understand and agree that patient Protected Health Information (PHI) is to remain in strict confidence. In the course of employment, should I encounter PHI, I shall not use PHI for purposes outside of the stated business purposes of Prismedic, Inc. as required in contracts with Health Care Providers or Institutions. Furthermore, patient identifiable information will not be released to third parties except if required by law as outlined in the HIPAA Act and Regulations. If in the course of business, I become aware of violations in maintaining PHI confidentiality, I agree to report this breach of maintaining PHI immediately (less than 24 hours) to an Officer of Prismedic, Inc. I understand that breach of maintaining the confidentiality of PHI serves as potential grounds for termination of employment and potential legal proceedings. This agreement to maintain PHI survives my termination from a position of employment at Prismedic, Inc.”

External Policy

Prismedic, Inc. will sign a standard HIPAA Business Associate document as stated in the Lessee Contract and required by the HIPAA Act and Regulations. If required by governing law or Institution, the Lessee is responsible for obtaining patient consent to store PHI on the webINR site.


Security

Prismedic is committed to complying with all current and future standards regarding storage and transmission of confidential patient data as required by Federal HIPAA Regulations.

Security is accomplished by the following methods:

  • The server is housed in a “state of the art”, physically secure, environmentally controlled corporate computer facility.

  • A reliable server firewall device is maintained to thwart unauthorized entry into the website server.

  • Secure user log-in is the only method to enter the site, and data is transmitted over the internet using industry-standard 128-bit encryption (https).

  • User authentication is required to enter the web site. Each user must have a unique “user name” and “password”, which must be changed on the first use of the site. (Note that internet browser “Cookies” are required to maintain authentication of users while using the site; however, this data is not recorded or forwarded to any third parties.)

  • User is automatically logged out of the site if there is no activity for 20 minutes.


Further Privacy Questions or Security Concerns?

For privacy questions or concerns about webINR, please contact Suzanne Knell, WebINR Support, Abington Memorial Hospital.

