HIPAA Compliance

MedActionPlan™ operates in a manner consistent with the requirements of the HIPAA Privacy and Security Rules. Click here to view our Business Associate Agreement.

Steps taken by MedActionPlan to safeguard confidential data include:

  • Each user has a unique user ID. Client administrators are the gatekeepers: they set program defaults and create unique user IDs and passwords, which are accessible only to the administrator and the user. Users can change their own passwords.
  • Audit controls. Users are identified and recorded each time they enter MedActionPlan.
  • Encryption. MedActionPlan uses the best available encryption technologies to protect confidential data:
    • Any information sent over the Internet is secured with 128-bit encryption technology. MedActionPlan uses an SSL certificate to protect client data from unauthorized use.
    • MedActionPlan combines Advanced Encryption Standard (AES) 256 encryption, public key cryptography, and hashing to secure all sensitive data in our databases.
  • Secure data storage. All data is stored at two separate hardened locations, in different time zones, with redundant security, fire, and power systems. All servers are dedicated. The web server is secured through a dedicated firewall and partitioned using RAID 1. The database server is partitioned using RAID 1 for the OS and RAID 10 for data. The second datacenter replicates data from the production datacenter over a secure pipe. All data servers also have two levels of physical backup: a digital backup of the entire system every 24 hours, and a separate 24-hour disk backup of all data files.
  • Automatic Logoff. MAP automatically logs the user out of the system after 10 minutes without a keypress.
  • Patient Access; Authentication of Identity. Patients only have access to My Daily Schedules with a pre-assigned password and User ID.