Primary Care Partners Dictation Upload
 

Primary Care Partners HIPAA Security FAQ

What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act, passed by Congress in 1996. This complex law regulates a number of healthcare areas, including portability of healthcare benefits, claims fraud and abuse, privacy of patient information, security of information systems used by healthcare organizations, and simplification of electronic standards for administrative and financial transactions. The U.S. Department of Health and Human Services (HHS) is issuing many of the regulations required by the legislation. Individuals and organizations regulated by HIPAA include all healthcare providers, health plans, and healthcare clearinghouses.

 

What is important about HIPAA?

One of HIPAA's most important requirements is that healthcare organizations must implement appropriate administrative, technical and physical safeguards to protect the privacy of patient information. Information subject to this requirement is called Protected Health Information or PHI and is defined as "any information which identifies or could be used to identify an individual and has anything to do with past, present or future physical or mental health conditions, care or payment for care".

 

What is Primary Care Partners Security for File Uploads?

Primary Care Partners' Internet File Upload System is hosted at our data center, which includes a series of security measures to ensure privacy, including SSL, 128-bit encryption, an ISS-issued certificate, a unique login ID, and user-defined access parameters.

Primary Care Partners subscribes to Comodo® Internet security protocols. By leveraging world-class PKI infrastructure, Primary Care Partners meets or exceeds all elements of the security standards published by HIPAA. Comodo's Public Key Infrastructure (PKI) services authenticate the identity of users conducting business across the Internet and protect the integrity of information and data transmitted. These security standards address the technical mechanisms used to guard against unauthorized access to data that is transmitted over a communications network to protect confidential medical information.

All data (dictation, consultations, and transcription) are managed through our electronic file management system. Primary Care Partners' system runs on a secure server, which encrypts all data communication between your computer and our server. Therefore, anyone intercepting data while it is being transferred from our server to your computer could not interpret or decode the data. To access any data from the Primary Care Partners system, a valid username and password are required. All text files are routed through our central data center to ensure privacy, integrity, and reliability. Data files then become immediately available on our network for viewing, editing, electronic signature, and distribution.

 

What is SSL security?

The diagram and explanation below show how an SSL session is created between a web browser and a web server.

 

  1. Issuance occurs between the SSL Certificate Authority and the requesting Customer Server Administrator; the Customer Administrator submits a certificate request; the CA signs the request – creating a certificate; the Customer Administrator installs the certificate and configures the web server.
  2. An End User – via a standard web browser – attempts to connect to a Secure Web Site (SSL enabled); the browser sends an access request to the secure server.
  3. The Customer Web Server, in response to the End User’s browser query, sends a copy of its Digital SSL Certificate and cipher preferences.
    a. Some End Users’ web browsers have the ability to perform a validity check of the Server’s SSL Certificate; this check is performed by referencing the appropriate CRL (Certificate Revocation List) located in the Public Directory.
  4. The End User’s web browser generates a unique, cryptographic “session” key; using the Customer’s SSL Certificate, an encrypted container is created; the “session” key is placed in this container and transmitted to the Customer’s Web Server.
  5. After decrypting the container and recovering the “session” key, the Customer Web Server sends a digitally signed acknowledgement to the End User’s web browser; this acknowledgement signals the start of the SSL-encrypted session.
  6. Using the shared “session” key, data is encrypted by the End User’s web browser, transmitted via the Internet, and decrypted by the Customer Web Server with its copy of the shared “session” key. Data transmitted from the Customer Web Server to the End User’s web browser is encrypted and decrypted in the same manner.
  7. Once the session ends (i.e. the web browser is closed or the End User navigates to a non-SSL web page), the shared “session” key is discarded; it is a one-time cipher.
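
Steps 4 and 5 describe RSA key transport, where the session key travels encrypted under the certificate's key, so later exposure of that private key also exposes recorded sessions. The following is an added example, not part of the original page or Primary Care Partners' system, that audits a negotiated session for protocol version, key strength and key-exchange type; the function names and sample sessions are constructed, and cipher names are assumed to follow OpenSSL naming.

```python
# Added example, not from the original page. Inputs have the shape of
# ssl.SSLSocket.version() and ssl.SSLSocket.cipher() -> (name, protocol, bits).
# Suite names are assumed to use OpenSSL naming; SAMPLES are constructed.

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_BITS = 128  # the key strength the FAQ advertises


def key_exchange(name):
    """Classify the key exchange from an OpenSSL cipher-suite name."""
    if name.startswith("TLS_"):  # TLS 1.3 suites always use ephemeral keys
        return "ephemeral"
    if name.startswith(("ECDHE-", "DHE-", "EDH-")):
        return "ephemeral"
    if name.startswith(("PSK-", "SRP-", "ADH-", "AECDH-", "ECDH-", "RSA-PSK-")):
        return "other"
    # No key-exchange prefix (e.g. AES128-SHA): the browser encrypts the
    # session secret under the certificate's RSA key, as in steps 4 and 5.
    return "rsa-transport"


def audit_session(version, cipher):
    """Return a list of policy findings for one negotiated session."""
    name, _defined_in, bits = cipher
    findings = []
    if version in DEPRECATED:
        findings.append(f"{version}: deprecated protocol version")
    if bits < MIN_BITS:
        findings.append(f"{bits}-bit key: below {MIN_BITS}-bit minimum")
    if "RC4" in name:
        findings.append("RC4: broken stream cipher")
    if key_exchange(name) == "rsa-transport":
        findings.append("RSA key transport: no forward secrecy")
    return findings


SAMPLES = [  # constructed (version, cipher tuple) pairs
    ("SSLv3", ("AES128-SHA", "SSLv3", 128)),
    ("TLSv1", ("EXP-RC4-MD5", "SSLv3", 40)),
    ("TLSv1.2", ("AES256-GCM-SHA384", "TLSv1.2", 256)),
    ("TLSv1.2", ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)),
    ("TLSv1.3", ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)),
]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(version, cipher[0], audit_session(version, cipher) or "ok")
```
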
     

This system is property of Primary Care Partners. Unauthorized access is strictly prohibited.

If you have questions or feedback, please contact the IT Department at 254-2640 or via email at support@pcpgj.com.