HIPAA Compliance
The Health Insurance Portability and Accountability Act provides guidelines for how Health Information should be handled and secured. Detailed below are steps we have taken at PDM to ensure compliance with HIPAA. Please note this is not an exhaustive list. If you have further questions that are not addressed here, please contact us.
Technology
- Anti-virus, anti-spyware
PDM uses Trend Micro Client/Server/Messaging Suite for its antivirus and antispyware needs. Trend Micro is an industry-recognized provider of this technology. Anti-virus sweeps are performed nightly. You can learn more about Trend Micro at www.trendmicro.com.
- Firewall
PDM uses Microsoft Internet Security and Acceleration (ISA) Server as its firewall to monitor both incoming and outgoing traffic. All traffic, no matter how trivial, that leaves or enters our network must be authorized. You can learn more about ISA Server at www.microsoft.com/isaserver.
- 128-bit SSL (Secure Sockets Layer)
All communication between PDM and outside partners and clients is secured using a 128-bit SSL certificate. This is the same security used by major websites such as amazon.com. You can learn more about SSL at Wikipedia.
Procedures
- Password Policy
All of our users are required to have 14-character passwords. Passwords expire every 90 days and users may not reuse their last 5 passwords. Accounts are locked out for 30 minutes if an incorrect password is entered 5 times in 5 minutes.
- Event Logging
Events such as user logon and any changes to system state are automatically recorded in the Windows Event Log.
- Software Updates
Vendors such as Microsoft release periodic updates to fix security issues or add security features to their products. PDM evaluates and installs these fixes every month. For your safety and the safety of your data, PDM's network is always up-to-date.