Health Insurance Portability and Accountability Act (HIPAA)

 


At Karantis360 Limited we take the security of your data very seriously. We are HIPAA compliant, and we only work with HIPAA compliant partners such as Microsoft (https://www.microsoft.com/en-us/TrustCenter/Compliance/HIPAA) and IBM (https://www.ibm.com/developerworks/cloud/library/cl-hipaa/index.html). HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities (CE), anyone who provides treatment, payment and operations in healthcare, and business associates (BA), anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also comply.

The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).

So, what does this mean to you?

Data security is paramount, and we plan extensively to ensure that we protect your data. But what do we store and how do we store it?

The private information that we store is:

  • Your name
  • Family member(s) name(s)
  • Your email address & phone numbers and those of a family member(s) using the application
  • KarantisFacts (care information relating to the client (patient))
  • Care related data input by your care agency(s)
  • Photo images taken during care visits
  • The content of care reports

We protect this information with the latest encryption software and all data stored is encrypted at rest. Any information retrieved and displayed on mobile devices for use by your Carer or Family Member isn’t stored on the mobile device; it can only be viewed, so if the device is lost or stolen your data is still protected. By 2nd May 2018 you will be prevented from taking screenshots on the mobile device.

Our application has an idle time lockout of 5 minutes, so if the application isn’t used within 5 minutes the user will need to log back into the application.

Where is your data stored?

All your data is stored directly in the cloud, in storage provided by Microsoft and/or IBM. Our databases are located within their datacenters, behind the firewalls designed to protect and segregate the information for Karantis360 Limited access only. If you are a US-based company your data is designed and stored within a US datacenter.

What do we do with your data?

Firstly, we won’t sell your private information to marketing companies or share it with any other company not associated with Karantis360 Limited. We will ask you whether Karantis360 Limited may contact you about new application features or promotions, or sign you up to our e-newsletter. If you decline, we won’t contact you unless you tell us to.

Who accesses the data and why?

The designated care provider(s), carer(s) and family member(s) access the data, as these are linked together around a patient in care. To ensure privacy, these persons are connected via a license key; these keys are unique and generated by a bespoke system owned by Karantis360 Limited. The key will only enable the approved care provider(s), associated carer(s) and family member(s) to be linked together in a secure walled environment.

In addition to these parties, Karantis360 Limited and its software partner DCSL Software Limited are the only other companies that have access to the data. This access is to ensure that the system has the correct security patches and licenses applied, so that the data is always protected by the latest software versions.

Who owns the data?

The client owns the data, with a family member acting on their behalf. If you request it to be removed, then this removal will be actioned by Karantis360 Limited. To request data removal just email us at security@karantis360.com with your request.

What happens if I cancel my subscription?

If you cancel your subscription by emailing security@karantis360.com then, firstly, we will cancel your license key subscription, which locks everyone associated with your license key out of the system. Secondly, we will remove your personal information from our database. Karantis360 Limited will respond by email to your request at security@karantis360.com confirming that your license key has been canceled and your data removed.

 

See our separate policies on Security & Privacy, Cookies, GDPR & MDM